Faisal (Sal) Bawany’s TechNet Blog

Thoughts on Collaboration, Cloud Computing, and Enterprise solutions

How to create a self-signed Wildcard SSL Certificate

How to create a self-signed Wildcard SSL Certificate

  • Comments 2
  • Likes

Often times you need to run some SSL scenarios on a SharePoint site and getting a full CA SSL certificate may not be the quickest or economical option for a test environment. In my scenario, I needed to test several HNSC (Host Name Site Collections) in a single web application using the same domain name, such as, portal.contoso.com, teams.contoso.com. One of the great benefits of using HNSC is the ability to provide unique vanity URLs to each of your site collections, and secure traffic using single wild card SSL certificate. To learn more about HNSC, click here

In order to create the cert, you will need to use the Makecert tool, available in the Windows 7 and Windows 8 SDK. You can download the SDK from the Microsoft Download center. After you have downloaded and installed the SDK, use the following steps to create the cert:

  1. Open Command prompt, go to C:\Program Files (x86)\Windows Kits\8.0\bin\x86 and run the following command. Replace the date with the current date and domain name with your own domain name. 

    makecert -r -pe -e <09/14/2014> -eku 1.3.6.1.5.5.7.3.1 -ss My -n CN=<*.domain.local> -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -len 2048 

Above command creates a certificate that is good for a year, and will store it in the CurrentUser certificate store. The key piece in that above command that makes the cert wildcard is the CN=*.domain.local parameter. The next steps are to export and import the cert into your SharePoint servers: 

  1. Export the cert to a file path so you can then import it into your SharePoint Server(s). Open MMC and add the "Certificate" snap-in, browse to Personal/Certificates store, right click the cert, click All Tasks > Export. Follow the prompt to complete the wizard.
  2. After the file has been exported, copy and import it into your SP Server(s) using IIS manager, and then bind it to the web app. Since these are going to be your dev/test servers, you can optionally save the cert to the local trust authority to avoid the "not trusted authority…" warning messages.

Comments
  • Testing wildcards, this will come in handy! Thanks!

  • Nice and valuable knowledge thanks for sharing ...!!!!!
    I want to buy a ssl certificates i visited at Swift Webhost. would you recommend me which ssl certificates is best for my Website www.quickpos.com.au .
    Thanks
    er.mgupta89@gmail.com

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment