Self-Signed IIS SSL Certificates using OpenSSL

You may also like...

12 Responses

  1. Anonymous says:

    I easily created my certificate using your directions. I did run into a problem with the CRT file generated by my WebStar software. Looking online, I decided there was a hidden character or wayward space in the CRT. Openssl failed with a “no start line” error. I used Openssl to create a template CRT file then pasted the code from WebStar file into the template. It worked great after that. BTW, I've been fumbling through working with Macs. My WebStar runs in OS 9 and I created the certificate on another Mac running 10.2.8. I hope to get HTTPS running to check mail over a web page interface. Getting a secure connection without a bill from Verisign was the first of my hurdles.
    Thanks for the info!

  2. Anonymous says:

    That was exactly what I was looking for, thank you for documenting that.

  3. Anonymous says:

    This information was very helpful thankyou. The only problem is the darn *@&#( NT IIS won't accept the CA.crt file :-(. The server key loads, but IIS complains about not being able to verify the certificate authority. So…. I did this:
    1. Internet Information Services -> select the site -> right click -> Properties
    2. Directory Security -tab -> Secure communications -frame -> Edit…
    3. Select “Enable certificate trust list”, click New… -> Next
    4. Add from file -> use CA.crt -> Next
    5. Write something to the Name and Description, if you like. -> Next -> Finish
    Only IIS won't load the CA.crt file 🙁 It loads fine in the previous steps, so I can only assume there's a problem with IIS somewhere.
    Any ideas?

  4. Anonymous says:

    If you are using OpenSSL on Windows or if you find OpenSSL is not able to find your openssl.cnf file, modify step #2 to include the following parameter:
    -config openssl.cnf
    I'm running WinXP. In this example, I have openssl.cnf installed in the same location where openssl.exe is located.
    Thanks for a great and easy to follow article.

  5. Anonymous says:

    one of the best examples .. guided me perfectly ! thanks a ton //

  6. Anonymous says:

    If only all guides on the Internet were written as well as this; straight forward, step-by-step, easy to understand. Fantastic!
    thanks 😉

  7. Anonymous says:

    Excellent guide. I had to also manually install CA.crt onto each PC to get IE to accept that the certificate was valid. Doing so entered my company as a Trusted Root Certification Authority on those PCs. We're testing SSL internally on several servers with many tester PCs and installing our organization as a root certification authority was the only thing that worked. Everything else here was spot on, though.

  8. Who ever ..where ever you are.. you made my day!

  9. Dan Farrell says:

    Thanks much. You saved me a lot of work.

  10. Irwan Rivaldi says:

    this is great, thanks!

    but instead of using openssl on linux box, i’m using the openssl.exe embedded in xampp. it works like charm 🙂

  11. Mike says:

    I just wanted to point out that this does not generate a true self-signed certificate server certificates. You are generating a self-signed certificate authority, and then using that CA to sign a certificate request.

    A true self-signed certificate is signed by only itself, and not a certificate authority.

    This doesn’t really make much of a difference for what you guys are doing. Just pointing things out, that’s all.

  1. December 15, 2009

    […] The original is here. […]

Leave a Reply

Your email address will not be published. Required fields are marked *