Generating Self-Signed SSL Certificates for IIS Servers

Q: We need to test new web content on one of our Microsoft IIS servers. The HTTP communications to the website are secured using SSL. How can I easily generate a self-signed SSL certificate for our web server so that I don't need to purchase a certificate from a commercial Certificate Authority (CA)?

A: You can generate a self-signed SSL server certificate from the IIS GUI or the Windows PowerShell command line. To generate it from the IIS GUI, open IIS Manager and navigate to the web server for which you want to create the certificate. In the Features view, double-click Server Certificates. Then in the Actions pane, click Create Self-Signed Certificate to bring up the Create Self-Signed Certificate page. On this page, you must type a friendly name for the certificate in the Specify a friendly name for the certificate text box, then click OK.

To generate a self-signed SSL server certificate from the PowerShell command line, you can use the command:

New-SelfSignedCertificate `  -DnsName  `  -CertStoreLocation cert:LocalmachineMy

In this command, you need to replace with the DNS name of your website. For example, to generate a self-signed SSL server certificate for mywebserver.company.net, you'd run the command:

New-SelfSignedCertificate `  -DnsName mywebserver.company.net `  -CertStoreLocation cert:LocalmachineMy

If you want to enter multiple DNS names, you need to separate them with commas. You can find the complete syntax for this cmdlet in the TechNet New-SelfSignedCertificate web page.