Creating Self-Signed Certificates (part 1)

The following example demonstrates how to set up a self-signed certificate for testing purposes.

Requirements:

Visual Studio Developer Command Prompt.

N.B. If the Visual Studio Developer Command Prompt is not present on the system, you will need makecert.exe and pvk2pfx.exe in the folder where the certificates will be created; the regular Windows command prompt can be used in this case. Both tools can be downloaded with the Windows SDK.

 

Creating the Certificate Authority (CA)

Run the Visual Studio Developer Command Prompt as administrator. It provides makecert.exe and pvk2pfx.exe, the tools that will create the self-signed certificates.

Navigate to the location that you want the certificates to be created.

Execute the following command, which creates a root certificate called “CARoot” and installs it in the Local Machine Trusted Root Certification Authorities store.

 

makecert.exe -r -n "CN=CARoot" -pe -sv CARoot.pvk -a sha512 -len 4096 -b 01/01/2016 -e 01/01/2030 -sr LocalMachine -ss Root -cy authority CARoot.cer

 

When you run the command you will be prompted for the password to protect your private key.

If the command executes without errors, “Succeeded” is displayed below it.

Now we package the .pvk and .cer into the .pfx file using the pvk2pfx.exe.

Execute the following command which will create the .pfx.

 

pvk2pfx.exe -pvk CARoot.pvk -spc CARoot.cer -pfx CARoot.pfx

 

Enter the private key password when prompted.

 

Creating the Client Certificate

Execute the following command, which creates a client certificate called “ClientCert” and installs it directly into the Current User Personal certificate store.

 

makecert.exe -ic CARoot.cer -iv CARoot.pvk -pe -sv ClientCert.pvk -a sha512 -n "CN=ClientCert" -len 2048 -b 01/01/2016 -e 01/01/2030 -sr CurrentUser -ss My -sky exchange ClientCert.cer -eku 1.3.6.1.5.5.7.3.2

 

When you run the command you will be prompted for the password to protect your private key.

If the command executes without errors, “Succeeded” is displayed below it.

Now we package the .pvk and .cer into the .pfx file using the pvk2pfx.exe.

Execute the following command which will create the .pfx.

 

pvk2pfx.exe -pvk ClientCert.pvk -spc ClientCert.cer -pfx ClientCert.pfx

 

Enter the private key password when prompted.

 

Creating the Server Certificate

Execute the following command, which creates a server certificate named after your domain (pptmvc4test.com in this example) and installs it directly into the LocalMachine Personal certificate store.

 

makecert.exe -ic CARoot.cer -iv CARoot.pvk -pe -sv pptmvc4test.com.pvk -a sha1 -n "CN=pptmvc4test.com" -len 2048 -b 01/01/2015 -e 01/01/2030 -sr LocalMachine -ss My -sky exchange pptmvc4test.com.cer -eku 1.3.6.1.5.5.7.3.1

 

N.B. Replace pptmvc4test.com with the domain name of your site.

Now we package the .pvk and .cer into the .pfx file using the pvk2pfx.exe.

Execute the following command which will create the .pfx.

 

pvk2pfx.exe -pvk pptmvc4test.com.pvk -spc pptmvc4test.com.cer -pfx pptmvc4test.com.pfx

 

Enter the private key password when prompted.

 

Now there should be nine (9) files in the folder containing the certificates:

  1. ClientCert.cer
  2. ClientCert.pfx
  3. ClientCert.pvk
  4. CARoot.cer
  5. CARoot.pfx
  6. CARoot.pvk
  7. pptmvc4test.com.cer
  8. pptmvc4test.com.pfx
  9. pptmvc4test.com.pvk
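
The following PowerShell check is an added example, not part of the original post. It confirms that each certificate sits in the store the text names, carries the intended EKU, has a usable private key, chains to CARoot, and is not signed with a weak hash. The function name Test-LabCertificate is hypothetical; subjects, stores and OIDs are taken from the commands above.

```powershell
# Added example (not from the original page). Subjects, stores and EKU OIDs
# are the ones used in the makecert commands above.
$expected = @(
    @{ Subject = 'CN=CARoot';          Store = 'Cert:\LocalMachine\Root'; Eku = $null;               NeedKey = $false },
    @{ Subject = 'CN=ClientCert';      Store = 'Cert:\CurrentUser\My';    Eku = '1.3.6.1.5.5.7.3.2'; NeedKey = $true  },
    @{ Subject = 'CN=pptmvc4test.com'; Store = 'Cert:\LocalMachine\My';   Eku = '1.3.6.1.5.5.7.3.1'; NeedKey = $true  }
)
# Signature OIDs for sha1WithRSAEncryption and md5WithRSAEncryption
$weakSigOids = '1.2.840.113549.1.1.5', '1.2.840.113549.1.1.4'

function Test-LabCertificate {   # hypothetical helper name
    param([hashtable]$Spec)

    $cert = Get-ChildItem -Path $Spec.Store |
        Where-Object { $_.Subject -eq $Spec.Subject } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
    if (-not $cert) { return "$($Spec.Subject): not found in $($Spec.Store)" }

    $findings = @()
    if ($Spec.NeedKey -and -not $cert.HasPrivateKey) {
        $findings += 'no private key in store (import the .pfx)'
    }
    if ($weakSigOids -contains $cert.SignatureAlgorithm.Value) {
        $findings += "weak signature hash ($($cert.SignatureAlgorithm.FriendlyName))"
    }
    if ($Spec.Eku) {
        # 2.5.29.37 is the Enhanced Key Usage extension
        $ext  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
        $oids = @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
        if ($oids -notcontains $Spec.Eku) { $findings += "missing EKU $($Spec.Eku)" }
    }
    # Build the chain without revocation checks: the test CA publishes no CRL.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    if (-not $chain.Build($cert)) {
        $findings += 'chain: ' + (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
    }
    if ($findings.Count -eq 0) { return "$($Spec.Subject): OK" }
    return "$($Spec.Subject): " + ($findings -join '; ')
}

$expected | ForEach-Object { Test-LabCertificate -Spec $_ }

# Leaf certificates issued by the test CA do not belong in the trusted roots.
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Issuer -eq 'CN=CARoot' -and $_.Subject -ne 'CN=CARoot' } |
    ForEach-Object { "$($_.Subject): leaf certificate in Trusted Root store, move it to Personal" }
```

A "weak signature hash" finding on the server certificate corresponds to the -a sha1 option in its makecert command; the CA and client certificates use -a sha512.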

Configuring IIS

Open IIS Manager

Right Click Sites -> Add Website


Add the name of the website

Navigate to the location of the folder containing the contents of the website for physical path

For binding type select https from the dropdown

Under hostname enter the name of the server certificate.

Choose the server certificate created for SSL certificate.

 

N.B. Your hostname and SSL certificate name should be the same to avoid a certificate warning in the browser. If they differ, just click continue to the website.

Next we need to ensure that the application pool that is associated with pptmvc4test.com is in sync with the web site.

 

Click on the “Application Pools” node in IIS and locate the app pool called “pptmvc4test.com”. Click on it and then select “Basic Settings” on the right-hand side. Select the latest .NET framework.

 

You will need to add the hostname to the local hosts file. This is done by running Notepad or any text editor as administrator and opening the hosts file at the path: C:\Windows\System32\drivers\etc

Add the following at the end of the ‘hosts’ file: 127.0.0.1 pptmvc4test.com

Save the file.

 

Now we enable client certificates on the website. Click the website “pptmvc4test.com” in IIS and double-click the option SSL Settings.

Click Accept under client certificates and turn off Require SSL (you can turn on Require SSL if you desire).

Click Apply on the right-hand side to accept the changes.

Now it’s time to test.

Right click on the “pptmvc4test.com” website on the left side and navigate to Manage Website and click Browse.


If all goes well, you should get a prompt asking you to select a certificate, and the client certificate created earlier should be listed.

 

END OF PART ONE
