John Howard - Senior Program Manager in the Hyper-V team at Microsoft

Senior Program Manager, Hyper-V team, Windows Core Operating System Division.

Blogs

How-To install a certificate for SSL Encryption under IIS

  • Comments 1
  • Likes

Following on from my post a couple of days ago  about using MakeCert to generate a self-signed certificate, this is one way in which you can test that the generated certificate is working correctly for SSL authentication within IIS. It was almost worthy of a blogcast (BTW, congratulations Mike for joining in the fun), but given I've all but lost my voice at the moment, here's the old fashioned way.

  • Create a new folder such as c:\test, and within it, create a new default.htm file using notepad. The content doesn't matter, but here's a very simple example
    <BODY>
    This is my SSL protected site
    </BODY>
     
  • Start Internet Information Services (IIS) Manager from the Administrative Tools folder
     
  • (I'm going to lead you through creating a new web-site, although I could assign the certificate to the default web-site)
    Right-click on Web-sites and select New Web-Site
     
  • Follow through the wizard. When you get to "Description", enter the name "Test"

     
  • Keep going through the wizard, and enter c:\test on the path step

     
  • On the newly created site, right-click and select properties and select the Directory Security tab

     
  • Click Server Certificate and work your way through the wizard
     
  • Select Assign an existing certificate

     
  • Select your newly created certificate

     
  • Choose port 443 (default SSL port)

     
  • Click Next/OK to finish the wizard and exit the site properties.
     
  • Currently the web-site is stopped. Right click the Test web-site and choose start
     
  • Open a browser and go to https://jhoward-5160/test, replacing jhoward-5160 with your machines DNS name. Note the MSN Toolbar :-)

     
  • Double-click the padlock icon in the bottom right to view the certificate for your site

     

Congratulations! If everything works this far, you have managed to create and protect a test web-site using SSL encryption and a self-signed certificate generated using MakeCert.exe

Comments
  • I am able to create a test certificate with MakeCert, but it doesn't appear as an Assignable ceritificate in IS. Any idea what I might be missing?

    I am also looking for a step by step example on how to establish certificate authentication between a WebForm and and a WebService. I have tried creating a Cert using MakeCert, adding it to the certificate trust list on IIS and reading it into the the proxy on the Web Form client, but I keep getting the following error on the client side: "The underlying connection was closed: Could not establish trust relationship with remote server." Any ideas?





    Thanks,
    Dave