Thursday, 20 March 2014

How to create a self-signed certificate in Windows server 2008/R2


Understanding self-signed certificate

When you're creating an ecommerce site, one of the first things you'll need to set up is a security certificate so that your server data will be secure. When you set this up, you have the option of creating a self-signed certificate or creating a certificate approved by a certificate authority. When you get a certificate created by yourself (Self-signed) or created by certificate authority (Eg : Verisign and godaddy) both certificates will generate a site that cannot be read by third-parties. The data sent over an https connection or SSL, will be encrypted regardless of whether the certificate is signed or self-signed. In simple words you can say When you use a self-signed certificate, you are saying to your customers "trust me - I am who I say I am." When you use a certificate signed by a
Certificate authority (CA), you are saying, "Trust me – ‘Verisign/godaddy’ agrees I am who I say I am." Whereas self-signed certificate is used on a test environment and when you need the website to access internally. It is recommended to obtain certificate from CA when you go for commercial purpose.

Prerequisites

You must have installed the role IIS7/7.5 on your server.

Configuring self-signed certificate

1. Go to Start-> Administrative tools-> Internet information service (IIS) manager
2. Select your host name and from the left hand panel double click ‘Server certificate


















3. Now under Actions panel click on Create self-signed certificate



4.  Now it will ask you for a friendly name that can be specified for certificate. Type the certificate name that you required and click on OK.




















      5. Now you can see the a self-signed certificate is under server certificate












   








How to export the certificate from IIS

     1. Go to Start-> Administrative tools-> Internet information service (IIS) manager
     2. Select your host name and from the left hand panel double click ‘Server certificate’ now it will list all the    available  certificates.
     3. Select the certificate that you want to import and from right hand side Actions panel click on Export


















  
     4. The next windows will ask you for the location that you want to save the certificate Export to specify it and its must to specify the secure password for certificate specify as required and make sure that you note down this which is necessary when you will import this certificate into another server or network devices.






















    5. Click OK.
    
     How to Import the certificate
   
    1.  Go to Start-> Administrative tools-> Internet information service (IIS) manager 
    2.  Select your host name and from the left hand panel double click ‘Server certificate’ now it will list all the available certificates.
    3.  Select the certificate that you want to import and from right hand side Actions panel click on Import.



















   
    4. It will ask you to browse the certificate and its password, press OK and the certificate will be listed on server.



















   

    How to create a certificate request

   When you want to create a secure certificate for commercial websites it is must to obtain SSL certificate from a certificate authority. In order request you must create a certificate request. Here are the steps for that:

   1. Go to Start-> Administrative tools-> Internet information service (IIS) manager
   2. Select your host name and from the left hand panel double click ‘Server certificate' now it will list all the available certificates.
   3. Select the certificate that you want to import and from right hand side Actions panel  click on Create certificate request.


















   4. Specify the required information for the certificate that you want to create and click Next





















    5. Next window will ask you for cryptographic service details. Greater the bit length greater the security but it may affect the performance, click on Next




















    6. On the File Name page, type a file name in the Specify a file name for the certificate request text box, or click the browse button () to locate a file, and then click Finish.





















    Got a question? Feel free to post....









No comments:

Post a Comment