4 steps to create free SSL certificate for developmen

Posted by T ZAMAN in Tips n Tricks

There are times where we would like to have SSL enabled in our development environment. SSL certificates needs to be bought from places like Thawte, Verisign, GeoTrust etc. Typical cost of SSL certificate is shown below.

Description	Certificate	Setup Fee	Recurring Fee	Total
Month 1	$27.95	$25.00	$9.00	$61.95
Every quarter	$0.00	$0.00	$9.00	$9.00
Once every 12 months	$27.95	$0.00	$0.00	$27.95

This means you also need to buy SSL certificate for your development server. This cost can double if you also setup of development and testing environment. So this article will save you 100$ atleast . Microsoft has provided ‘makecert.exe’ tool which helps us to create test certificates for our development environment.

Now a days I am distributing my 400 questions and answers eBook which covers major .NET related topics like WCF,WPF,WWF,Ajax,Core .NET,SQL Server,Architecture and lot lot more. I am sure you will enjoy this eBook.
http://www.questpond.com/SampleDotNetInterviewQuestionBook.zip

Step 1 :- Locate makecert.exe

The first thing is to locate makecert.exe. You can get the same from “C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin” or you can also get it from windows SDK.

Let’s run through what is “makecert.exe” and the explanation of different parameters. I admit this section I have shamelessly copied from http://msdn.microsoft.com/en-us/library/dd434713.aspx

MakeCert (Makecert.exe) is a command-line tool that creates an X.509 certificate that is signed by a system test root key or by another specified key. The certificate binds a certificate name to the public part of the key pair. The certificate is saved to a file, a system certificate store, or both.

Below is a detail list of how to use make cert

Collapse code snippet

MakeCert [/b DateStart] [/e DateEnd] [/m nMonths] [/n "Name"] [/pe] [/r] [/sc SubjectCertFile] [/sk SubjectKey] [/sr SubjectCertStoreLocation] [/ss SubjectCertStoreName] [/sv SubjectKeyFile] OutputFilePartial list of switches and arguments

/b DateStart
Specifies the start date when the certificate first becomes valid. The format of DateStart is

mm/dd/yyyy.
If the /b switch is not specified, the default start date is the date when the certificate is created.

/e DateEnd
Specifies the end date when the certificate’s validity period ends. The format of DateEnd is

mm/dd/yyyy.
If the /e switch is not specified, the default end date is 12/31/2039.

/m nMonths

Specifies the number of months starting from the start date during which the certificate will remain valid.

/n "Name"
Specifies a name for the certificate. This name must conform to the X.500 standard. The simplest method is to use the "CN=MyName" format.
If the /n switch is not specified, the default name of the certificate is "Joe's Software Emporium".

/pe
Configures MakeCert to make the private key that is associated with the certificate exportable.

/r
Configures MakeCert to create a self-signed root certificate./sc SubjectCertFile
Specifies the subject's certificate file name along with the existing subject public key that is used.

/sk SubjectKey
Specifies the name of the subject's key container that holds the private key. If a key container does not exist, a new key container is created. If neither /sk nor /sv switch is entered, a default key container is created and used by default.

/sr SubjectCertStoreLocation
Specifies the registry location of the certificate store. The SubjectCertStoreLocation argument must be either of the following:
currentUser
Specifies the registry location HKEY_CURRENT_USER.
localMachine
Specifies the registry location HKEY_LOCAL_MACHINE.
If the /r switch is not specified along with the /s switch, currentUser is the default.

/ss SubjectCertStoreName
Specifies the name of the certificate store where the generated certificate is saved.

/sv SubjectKeyFile
Specifies the name of the subject's .pvk file that holds the private key. If neither /sk nor /sv switch is entered, a default key container is created and used by default.
OutputFile
The name of the file in which the generated certificate is saved.

Step 2:- Create the certificate

The second step is to create the certificate. You can type the below thing through your dos prompt on “C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin”. Please note “compaq-jzp37md0” is the server name so you need to replace with your PC name.

Collapse

makecert -r -pe -n "CN= compaq-jzp37md0 " -b 01/01/2000 -e 01/01/2050 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12

If you run the same through your command prompt you should get a succeeded message as shown below.

Step 3 :- Assign the certificate to the site

Now it’s time to assign this certificate to your IIS website. So go to IIS properties , click on directory security tab and you should see server certificate tab.

So click on the server certificate tab and you will then be walked through a IIS certificate wizard. Click ‘Assign a existing certificate’ from the wizard.

You can see a list of certificates. The “compaq-jzp37md0” certificate is the one which we just created using ‘makecert.exe’.

There is a other easy way also using the SSL diagnostic tool. Download this tool from http://www.microsoft.com/downloads/details.aspx?familyid=CABEA1D0-5A10-41BC-83D4-06C814265282&displaylang=en and create new cert on the IIS application with just a click as shown below.