How to Create a Self-Signed SSL Certificate

When you're testing a web site on IIS, either on your own development PC or on staging, you need a way to generate a self-signed certificate if you don't want to spend a few hundred dollars on one. In the past, Microsoft made a tool called SelfSSL available in the IIS 6.0 Resource Kit. The tool works, but it has a bug when you try to create more than one certificate on the same machine: you keep losing the first certificate you created.

A better way is to use the new Microsoft SSL Diagnostics tool, available from http://www.microsoft.com/downloads/details.aspx?familyid=CABEA1D0-5A10-41BC-83D4-06C814265282&displaylang=en

When you run the SSL Diagnostics tool, you get a lot of information that is useful for debugging any SSL problem.

SSL Diagnostics Tool

To generate a new certificate, right-click the Web Site and choose Create New Cert.

SSL Diagnostics Tool

However, this will only create a self-signed certificate good for 2 weeks (14 days). If you need a longer validity period, run the tool from the command line like this:

SSLDiag.exe /selfssl /V:<validity in days> /N:CN=<host name> /s:<IIS site ID>

For example, the command line would look like this for a typical site.

SSLDiag.exe /selfssl /V:9999 /N:CN=www.example.com /s:417729300

To find out your IIS Site Id, go to your IIS Web Site Properties and look for the number next to W3SVC.

SSL Diagnostics Tool IIS Properties
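
To confirm what the command produced, the PowerShell check below lists the self-signed certificates in the Local Computer Personal store, where IIS server certificates are kept, with their lifetime and days remaining. It is an added example, not part of the original article or of the SSL Diagnostics tool. The host name comes from the sample command above, and the 14-day warning threshold is an assumption chosen to match the default lifetime.

```powershell
# Added example: audit self-signed certificates in LocalMachine\My.
# $ExpectedCN and $WarnDays are assumed values; adjust them for your site.
$ExpectedCN = 'www.example.com'   # CN used in the article's sample command
$WarnDays   = 14                  # default lifetime of a GUI-created cert
$now        = Get-Date
$cnPattern  = 'CN=' + [regex]::Escape($ExpectedCN) + '(,|$)'

Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $_.Issuer } |   # self-signed: issuer equals subject
    ForEach-Object {
        $lifetime  = [int][math]::Floor(($_.NotAfter - $_.NotBefore).TotalDays)
        $remaining = [int][math]::Floor(($_.NotAfter - $now).TotalDays)

        # Classify so that expired or soon-to-expire test certs stand out.
        if ($remaining -lt 0) {
            $status = 'EXPIRED'
        } elseif ($remaining -le $WarnDays) {
            $status = 'EXPIRING'
        } else {
            $status = 'OK'
        }

        [pscustomobject]@{
            Subject       = $_.Subject
            Thumbprint    = $_.Thumbprint
            NotAfter      = $_.NotAfter
            LifetimeDays  = $lifetime       # about 9999 for the sample command
            DaysRemaining = $remaining
            MatchesSite   = ($_.Subject -match $cnPattern)
            HasPrivateKey = $_.HasPrivateKey
            Status        = $status
        }
    } |
    Sort-Object NotAfter |
    Format-Table -AutoSize
```

A certificate created with /V:9999 stays valid for roughly 27 years, so keep the thumbprints of long-lived test certificates on record and remove them from the store when the staging site is retired.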