Creating a developer SSL certificate on IIS 6.0

It’s one of those things you need to do once and then forget about. Sometimes it’s necessary to develop something which requires talking to a webservice. A lot of the time, the webservice is secured with an SSL certificate in the real world.

As most companies don’t want to spend good money on real SSL certificates for development workstations/servers, we have to create our own. You can of course develop the functionality in a non-secured environment, but for testing purposes it’s probably useful to have the test environment match the QA or production servers.

A while back I had an issue in some production software. We discovered something was malfunctioning and I was needed to figure out what was wrong. As the code hadn’t changed in quite some time and it appeared the code was good (enough), I started looking at the infrastructure and discovered it might have something to do with the webservice (in SSL) it was talking to. As I couldn’t connect to the production environment, I had to connect to a local service which was running in SSL, so I did.

If you want to do this, you need to take quite a few steps if you are running on IIS 6.0. This feature has improved a lot in IIS 7.0/7.5. ScottGu has written a nice walkthrough about this. Just hit the Create Self-Signed Certificate link and you are done. Too bad I was still developing in an IIS 6.0 environment (Windows 2003R2). I’ll describe the needed steps below.

The first thing which needs to be done is downloading the IIS 6.0 Resource Kit Tools. This doesn’t appear to be a big problem, but for me it was. I had found a lot of pages linking to the kit, but all of them were dead. After finally having found the correct link I was good to go and installed the needed SelfSSL application.

The tool comes with decent help, which you can view by typing selfssl /? at the command prompt. As we need to add a self-signed certificate to a website in IIS on a specific port number, we need the arguments /T, /S and /P. The values we need can be found in IIS Manager. The site ID and port number are shown in the overview of the websites:

image

In this case the site ID is 165159687 and the SSL port number we want to use is 82. The command we need to use will look like this:

selfssl /T /S:165159687 /P:82

Now the certificate is in place and you can visit the secured website in the browser. Once there you’ll see a message, something like this (depending on the browser)

(note: the following steps are also needed if you are running on the IIS7.0 webserver and are optional):

image

As this is our development site we can safely choose Continue on this website (not recommended). Once we are on the website you can see a small message next to the address bar stating there’s a Certificate Error.

image

You can click on this message and a popup will appear.

image

By clicking the link View certificates you can add the certificate to your local store so this error won’t be shown again. The following popup will appear:

image

(machine name and dates will vary)

If you want you can check some of the details in this popup, but as we know this is all good we can just click the Install Certificate button in the lower corner.

Stepping through the wizard you will get the option to place the certificate in a store. I first tried the Automatically select option, but that didn’t have the desired effect. After that I tried the Personal store, but that didn’t help much either. After having tried those two options, I placed the certificate in the Trusted Root Certification Authorities store.

image

This had the desired effect: I could check the local SSL webservice without the annoying warning messages. With everything up and running the code could be debugged to check it was working properly with an SSL webservice. Lucky for me, it did, so I had to look for another solution for the problem.

Remember, only apply the above steps if you know you can trust the certificate. Don’t add certificates from the web from ‘fishy’ sites. It can cause a lot of problems for you and your computer.
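
To see afterwards which self-signed certificate ended up in the Trusted Root Certification Authorities store, and to take it out again once debugging is finished, the following PowerShell script can be used. It is an added example, not part of the original post; the parameter names are hypothetical, and it assumes the certificate's CN is the machine name.

```powershell
# Added example: find (and optionally remove) the self-signed development
# certificate in the Trusted Root stores of the current user and the machine.
# Assumption: the certificate's CN is this machine's name; pass -CommonName otherwise.
param(
    [string]$CommonName = $env:COMPUTERNAME,  # hypothetical parameter name
    [switch]$Remove                           # hypothetical switch: delete the matches
)

# Match "CN=<name>" as a whole name component, case-insensitively.
$pattern = 'CN=' + [regex]::Escape($CommonName) + '(,|$)'

foreach ($location in 'CurrentUser', 'LocalMachine') {
    # Open the Root store through .NET so removal also works on PowerShell 2.0.
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', $location)
    $mode = if ($Remove) { 'ReadWrite' } else { 'ReadOnly' }
    $store.Open($mode)
    try {
        # Self-signed means subject and issuer are the same name. Every root CA
        # is self-signed too, so the CN filter is what singles out the dev cert.
        $found = @($store.Certificates | Where-Object {
            $_.Subject -eq $_.Issuer -and $_.Subject -match $pattern
        })
        foreach ($cert in $found) {
            # Report what was found so the thumbprint and dates can be compared
            # with the certificate bound to the IIS site.
            New-Object PSObject -Property @{
                Store      = "$location\Root"
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                Expired    = ($cert.NotAfter -lt (Get-Date))
            }
            if ($Remove) { $store.Remove($cert) }
        }
    }
    finally {
        $store.Close()
    }
}
```

Run it without -Remove first and compare the thumbprint with the one shown in the certificate popup. Removing from the LocalMachine store requires administrator rights.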

