Windows Self-Signed Certificate…

Most servers and https/ssh capable devices contain a self-signed Certificate which should generally have expiry date longer than the life of that device. So user/admin does not have to pay special attention to the specific expiration date of the Internet non-recognizable certificate. Generating certificate or certificate key is fairly easy other than on Windows server. Fortunately, Microsoft has a small command line utility “makecert.exe” that you can download for FREE to generate and install certificate locally. It is included in Microsoft SDK package. However the only problem is that sometimes it just doesn’t work, and it’s hard to determine what is wrong.

To generate and install, just run:

makecert -r -pe -n “CN=” -b 14/02/2012 -e 01/01/2100 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp “Microsoft RSA Channel Cryptographic Provider” -sy 12

For IIS 6, Then go to the IIS Manager “Web Site Properties” -> “Directory Security” -> “Server Certificate…” -> “Replace the current certificate” and select the new certificate from the list.

For IIS 7, try yourself as I do not have a IIS 7 installed server.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s