4 steps to create free SSL certificate for developmen  

Posted by T ZAMAN in

ntroduction and Goal

Step 1 :- Locate makecert.exe

Step 2:- Create the certificate

Step 3 :- Assign the certificate to the site

Step 4:- Test the site

Step 5 :- Find a nice restaurant

SSL diagnostic tool

Introduction and Goal

There are times where we would like to have SSL enabled in our development environment. SSL certificates needs to be bought from places like Thawte, Verisign, GeoTrust etc. Typical cost of SSL certificate is shown below.



Setup Fee

Recurring Fee


Month 1





Every quarter





Once every 12 months





This means you also need to buy SSL certificate for your development server. This cost can double if you also setup of development and testing environment. So this article will save you 100$ atleast . Microsoft has provided ‘makecert.exe’ tool which helps us to create test certificates for our development environment.

Now a days I am distributing my 400 questions and answers eBook which covers major .NET related topics like WCF,WPF,WWF,Ajax,Core .NET,SQL Server,Architecture and lot lot more. I am sure you will enjoy this eBook.

Step 1 :- Locate makecert.exe

The first thing is to locate makecert.exe. You can get the same from “C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin” or you can also get it from windows SDK.

Let’s run through what is “makecert.exe” and the explanation of different parameters. I admit this section I have shamelessly copied from http://msdn.microsoft.com/en-us/library/dd434713.aspx

MakeCert (Makecert.exe) is a command-line tool that creates an X.509 certificate that is signed by a system test root key or by another specified key. The certificate binds a certificate name to the public part of the key pair. The certificate is saved to a file, a system certificate store, or both.

Below is a detail list of how to use make cert

Collapse code snippet
MakeCert [/b DateStart] [/e DateEnd] [/m nMonths] [/n "Name"] [/pe] [/r] [/sc SubjectCertFile] [/sk SubjectKey] [/sr SubjectCertStoreLocation] [/ss SubjectCertStoreName] [/sv SubjectKeyFile] OutputFilePartial list of switches and arguments

/b DateStart
Specifies the start date when the certificate first becomes valid. The format of DateStart is

If the /b switch is not specified, the default start date is the date when the certificate is created.

/e DateEnd
Specifies the end date when the certificate’s validity period ends. The format of DateEnd is

If the /e switch is not specified, the default end date is 12/31/2039.

/m nMonths

Specifies the number of months starting from the start date during which the certificate will remain valid.

/n "Name"
Specifies a name for the certificate. This name must conform to the X.500 standard. The simplest method is to use the "CN=MyName" format.
If the /n switch is not specified, the default name of the certificate is "Joe's Software Emporium".

Configures MakeCert to make the private key that is associated with the certificate exportable.

Configures MakeCert to create a self-signed root certificate./sc SubjectCertFile
Specifies the subject's certificate file name along with the existing subject public key that is used.

/sk SubjectKey
Specifies the name of the subject's key container that holds the private key. If a key container does not exist, a new key container is created. If neither /sk nor /sv switch is entered, a default key container is created and used by default.

/sr SubjectCertStoreLocation
Specifies the registry location of the certificate store. The SubjectCertStoreLocation argument must be either of the following:
Specifies the registry location HKEY_CURRENT_USER.
Specifies the registry location HKEY_LOCAL_MACHINE.
If the /r switch is not specified along with the /s switch, currentUser is the default.

/ss SubjectCertStoreName
Specifies the name of the certificate store where the generated certificate is saved.

/sv SubjectKeyFile
Specifies the name of the subject's .pvk file that holds the private key. If neither /sk nor /sv switch is entered, a default key container is created and used by default.
The name of the file in which the generated certificate is saved.

Step 2:- Create the certificate

The second step is to create the certificate. You can type the below thing through your dos prompt on “C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin”. Please note “compaq-jzp37md0” is the server name so you need to replace with your PC name.

makecert -r -pe -n "CN= compaq-jzp37md0 " -b 01/01/2000 -e 01/01/2050 -eku -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12

If you run the same through your command prompt you should get a succeeded message as shown below.

Step 3 :- Assign the certificate to the site

Now it’s time to assign this certificate to your IIS website. So go to IIS properties , click on directory security tab and you should see server certificate tab.

So click on the server certificate tab and you will then be walked through a IIS certificate wizard. Click ‘Assign a existing certificate’ from the wizard.

You can see a list of certificates. The “compaq-jzp37md0” certificate is the one which we just created using ‘makecert.exe’.

Step 4:- Test the site

Now try to test the site without ‘https’ and you will get an error as shown below….That means your certificate is working.

Step 5 :- Find a nice restaurant

Now that you have saved 100$ find a nice restaurant to burn it… 

SSL diagnostic tool

There is a other easy way also using the SSL diagnostic tool. Download this tool from http://www.microsoft.com/downloads/details.aspx?familyid=CABEA1D0-5A10-41BC-83D4-06C814265282&displaylang=en and create new cert on the IIS application with just a click as shown below.

Image courtesy :- http://pranas.net/Tutorials/ssl/SSLDiagnostics.htm


Get a Prepaid Visa Card - No credit check. Quick approval. Shop online, pay bills, use ATMs




This blog is intended for educational use. All data presented on this website were gathered from outside sources and no files are actually hosted in this website. The owner of this site shall not be held responsible for how the site visitors use the information provided here.


Top Commentators

Widget by Blogger Widgets

Recent Posts




FEEDJIT Live Traffic Feed