Skip navigation
White letters Q  A imposed over red background

Generating Self-Signed SSL Certificates for IIS Servers

Q: We need to test new web content on one of our Microsoft IIS servers. The HTTP communications to the website are secured using SSL. How can I easily generate a self-signed SSL certificate for our web server so that I don't need to purchase a certificate from a commercial Certificate Authority (CA)?

A: You can generate a self-signed SSL server certificate from the IIS GUI or the Windows PowerShell command line. To generate it from the IIS GUI, open IIS Manager and navigate to the web server for which you want to create the certificate. In the Features view, double-click Server Certificates. Then in the Actions pane, click Create Self-Signed Certificate to bring up the Create Self-Signed Certificate page. On this page, you must type a friendly name for the certificate in the Specify a friendly name for the certificate text box, then click OK.

To generate a self-signed SSL server certificate from the PowerShell command line, you can use the command:

New-SelfSignedCertificate `
  -DnsName <DNS names> `
  -CertStoreLocation cert:Localmachine\My

In this command, you need to replace <DNS names> with the DNS name of your website. For example, to generate a self-signed SSL server certificate for, you'd run the command:

New-SelfSignedCertificate `
  -DnsName `
  -CertStoreLocation cert:Localmachine\My

If you want to enter multiple DNS names, you need to separate them with commas. You can find the complete syntax for this cmdlet in the TechNet New-SelfSignedCertificate web page.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.