Self Signing Certificate for IIS
Create a self signing certificate for IIS
VS2005 provides tools to do this which is called makecert and pvk2pfx. First all you need to do is run the following batch file and specify a name for it.
For example
yourBatchFile.bat testCert
The content of batch file is as follows
makecert -r -pe -n "CN=testCert" -sky exchange -sv %1.pvk %1.cer
pvk2pfx -pvk %1.pvk -spc %1.cer -pfx %1.pfx
Once you have this installed, please goto
Start->Run->MMC->File->Add SnapIn->Add->Certificates
A wizard will appear asking you the scope of your certificates. Choose Computer account and Finish.
Select Local Computer and again click Finish. Click Close and then OK.
This will bring you to a Certificates Console.
Expand Personal -> Certificates, right click and select Import.
The wizard will prompt you for the certificate that you have generate earlier. Provide the test.pfx. When ask for password click Next, Next and Finish.
You need to repeat the same process for Trusted Root Certification Authorities. Expand Certificates and look for Trusted Root Certification Authorities. Under All Task -> Import.
You need to choose testCert.pfx as well.
Configuring IIS
Go to IIS -> Default Web Site -> Properties ->Directory Security -> Server Certicate -> Assign Existing Certificate -> Select testCert -> Click Next and Finsih
The batch file generates an identity for you under the keyword "CN=testCert".
This means that if user where to type in something like www.testCert.com this certificate will be able to validate that it is a legitimate site.
At this point you can use SSL Diagnostic tool for your test to see if you have install your Certificate correctly.
Please proceed to change your hosts file. It can be found under Windows\System32\Drivers\etc\hosts.
Add an entry like the following.
127.0.0.1 testCert
Save it and then you can test out your SSL enabled by firing up your browser and type in the following.
https://www.testCert.com/yourTestSample
yourTestSample is a valid virtual directory in IIS.
That's it and you can use the following setup for CardSpace.
VS2005 provides tools to do this which is called makecert and pvk2pfx. First all you need to do is run the following batch file and specify a name for it.
For example
yourBatchFile.bat testCert
The content of batch file is as follows
makecert -r -pe -n "CN=testCert" -sky exchange -sv %1.pvk %1.cer
pvk2pfx -pvk %1.pvk -spc %1.cer -pfx %1.pfx
Once you have this installed, please goto
Start->Run->MMC->File->Add SnapIn->Add->Certificates
A wizard will appear asking you the scope of your certificates. Choose Computer account and Finish.
Select Local Computer and again click Finish. Click Close and then OK.
This will bring you to a Certificates Console.
Expand Personal -> Certificates, right click and select Import.
The wizard will prompt you for the certificate that you have generate earlier. Provide the test.pfx. When ask for password click Next, Next and Finish.
You need to repeat the same process for Trusted Root Certification Authorities. Expand Certificates and look for Trusted Root Certification Authorities. Under All Task -> Import.
You need to choose testCert.pfx as well.
Configuring IIS
Go to IIS -> Default Web Site -> Properties ->Directory Security -> Server Certicate -> Assign Existing Certificate -> Select testCert -> Click Next and Finsih
The batch file generates an identity for you under the keyword "CN=testCert".
This means that if user where to type in something like www.testCert.com this certificate will be able to validate that it is a legitimate site.
At this point you can use SSL Diagnostic tool for your test to see if you have install your Certificate correctly.
Please proceed to change your hosts file. It can be found under Windows\System32\Drivers\etc\hosts.
Add an entry like the following.
127.0.0.1 testCert
Save it and then you can test out your SSL enabled by firing up your browser and type in the following.
https://www.testCert.com/yourTestSample
yourTestSample is a valid virtual directory in IIS.
That's it and you can use the following setup for CardSpace.
Comments