I'm trying to create a self-signed wildcard SSL certificate for use on a number of development and test servers running IIS 6. Following various guides has led to a couple ways of generating the certificates, but I haven't had any luck getting it to work. The most successful ways I've had were following this OpenSSL guide and using makecert.exe like so:

makecert.exe -r -b 01/01/2009 -e 01/01/2042 -sr LocalMachine -ss MY -a sha1 -n CN="*.example.com" -sky exchange -pe -eku 1.3.6.1.5.5.7.3.1 -sy 12 -sp "Microsoft RSA SChannel Cryptographic Provider" wildcard.cer

 

Both of which generate certificates that IIS 6 will accept, but when I actually try to view the site I get the following error in Firefox:

Data Transfer Interrupted

The connection to dev.example.com was interrupted while the page was loading.

IE just gives:

Internet Explorer cannot display the webpage

Most likely causes:

  • You are not connected to the Internet.
  • The website is encountering problems.
  • There might be a typing error in the address.

This error happens whether I try to access it by domain name, machine name, localhost, local ip, or loopback ip.

So...how can I create a self-signed wildcard cert that IIS 6 will work with? Or how can I fix the problems I'm experiencing with the ones I've already created?

A: 

Did you realize that you would need to change from "example.com" to something more appropriate to your situation ("localhost" might be one of them during testing)?

Khnle
I changed it to example.com for illustration purposes here, per [RFC 2606](http://www.rfc-editor.org/rfc/rfc2606.txt); I used real domains for my implementation. And if I hadn't, errors about non-matching domains would be expected, not data transfer interrupted.
phloopy
A: 

For IIS 7 - there is a wizard to do this. It takes about 30 seconds to set up.

For IIS 6 - it's a bit trickier. It takes about 30 minutes to set up.

Which one are you using?

I strongly recommend moving to IIS 7 - it is very foreign at first, but they've made a lot of improvements.

Given that you probably can't upgrade to IIS 7, I had to do the following to implement what you want in IIS 6.

1) create certificate server
2) generate request
3) grant request
4) install certificate

It's a bit of a pain to set up the certificate authority server, but it comes with Windows Server and the walkthrough is pretty straightforward.

mson
Good catch. I'm using IIS 6. I've updated the question.
phloopy
This is for XP development machines, so Certificate Server wasn't an option either. I did do exactly those steps with the OpenSSL guide I linked to above, but even after it was installed it still wouldn't work, with the errors detailed. /:
phloopy
+3  A: 

You can use the IIS 6 Resource Kit provided by MS, which includes a command-line app called SelfSSL. It can generate the SSL key and import it into your IIS installation.

IIS 6 Resource Kit

MattGWagner
A: 

We discovered that the Certificate Authority wasn't being trusted because of domain settings and was causing the errors. We ended up deploying a star cert generated by a trusted CA and that cleared up the problems.

phloopy
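
The trust failure described in this answer can be reproduced with OpenSSL; the following is an added example, not code from the thread. It creates a wildcard certificate with the same CN pattern and server-authentication EKU as the makecert command in the question, then shows that chain validation fails until the certificate is supplied as a trusted root. The `example.com` domain, file names and function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. The domain, file names and function
# names are constructed for illustration. Needs OpenSSL 1.1.1 or later.
set -eu

# Create a self-signed wildcard server certificate in directory $1 for domain $2.
# Mirrors the question's makecert options: CN=*.<domain> and the serverAuth EKU
# (1.3.6.1.5.5.7.3.1). SHA-256 is substituted for the question's sha1.
make_wildcard_cert() {
  cat > "$1/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = *.$2
[ext]
subjectAltName = DNS:*.$2, DNS:$2
extendedKeyUsage = serverAuth
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -config "$1/req.cnf" -keyout "$1/wildcard.key" -out "$1/wildcard.crt" \
    >/dev/null 2>&1
}

# Succeed only if certificate $1 chains to a trusted root. With no $2 the
# default trust store is used; $2 names an additional trusted root file.
chain_is_trusted() {
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
  else
    openssl verify "$1" >/dev/null 2>&1
  fi
}

# Print subject and SAN so the wildcard names can be checked.
show_names() {
  openssl x509 -in "$1" -noout -subject -ext subjectAltName
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
make_wildcard_cert "$workdir" example.com
show_names "$workdir/wildcard.crt"
chain_is_trusted "$workdir/wildcard.crt" \
  || echo "default store: NOT trusted, as a client without the root sees it"
chain_is_trusted "$workdir/wildcard.crt" "$workdir/wildcard.crt" \
  && echo "root supplied: trusted"
```

On Windows clients the counterpart of `-CAfile` is importing the certificate into the Trusted Root Certification Authorities store.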
A: 

For IIS 7 - there is a wizard to do this. It takes about 30 seconds to set up.

The IIS 7 wizard does not allow wildcard certificates. For example, when I set the name in the wizard as *.example.com then it issues the certificate to servername.example.com

orad
Welcome to Stack Overflow. Thanks for responding to my question, but since your post wasn't really an answer you should post it as a separate question, or more appropriately as a comment to the answer you're responding to.
phloopy