In one of our screencasts – How to Install a Self Signed Certificate in IIS6 we have demonstrated the use of the SelfSSL.exe tool from IIS6 resource kit.

We get a lot of questions about creating a Self-Signed Certificate in Windows Server 2008. There is an option in IIS7 Manager to create a self-signed certificate, and this is an easy, and straightforward way to generate a certificate yourself. The problem with this approach is that you can not specify the name of the web site, because when you generate the certificate – IIS7 Manager uses the default FQDN of the server. In most cases, the FQDN by which the server is accessed, is different from the real name of the server. For example, the server used in the following Screencast is MBR-2k8.netometer.com, and the Web Site which is hosted on it, is accessed as https://test.netometer.com. When you generate a Self-Signed Certificate in IIS7 Manager, it is issued to Mbr-2k8.netometer.com. Step2 demonstrates the process of creating a Self-Signed Certificate in IIS7 Manager, and assigning it to your web site.

We get a lot of questions, whether you can use SelfSSL.exe and generate a Self-Signed Certificate in IIS7. In step3, we demonstrate how to use SelfSSL.exe to generate and assign a certificate, using the correct name of the web site – test.netometer.com. In addition we import it, and add the issuer to the root of the trusted certificate authorities, so you do not get a warning every time you open the web site.

Step 1 In the first step, we add the Web Server (IIS) role, and the necessary role services.

Step 2 In step2, you can see how to create a Self-Signed Certificate in IIS7 manager. We demonstrate also the problem which you might have with the name of the certificate – it uses the default name of the server.

Step 3 In the last step, we remove the previously created certificate. Then, we generate and assign a new one using SelfSSL.exe. Finally, we import the certificate, and add the issuer to the Root of the Trusted Certificate Authorities.