How to create a self-signed certificate for a domain name for development?

Question

I have subdomain.example.com that I use for development purposes. My web application solution contains a web API etc, that I need to call from external systems,

Answer 1

I ran into this same problem when I wanted to enable SSL to a project hosted on IIS 8. Finally the tool I used was OpenSSL, after many days fighting with makecert commands.The certificate is generated in Debian, but I could import it seamlessly into IIS 7 and 8.

Download the OpenSSL compatible with your OS and this configuration file. Set the configuration file as default configuration of OpenSSL.

First we will generate the private key and certificate of Certification Authority (CA). This certificate is to sign the certificate request (CSR).

You must complete all fields that are required in this process.

1. openssl req -new -x509 -days 3650 -extensions v3_ca -keyout root-cakey.pem -out root-cacert.pem -newkey rsa:4096

You can create a configuration file with default settings like this: Now we will generate the certificate request, which is the file that is sent to the Certification Authorities.

The Common Name must be set the domain of your site, for example: public.organization.com.

2. openssl req -new -nodes -out server-csr.pem -keyout server-key.pem -newkey rsa:4096

Now the certificate request is signed with the generated CA certificate.

3. openssl x509 -req -days 365 -CA root-cacert.pem -CAkey root-cakey.pem -CAcreateserial -in server-csr.pem -out server-cert.pem

The generated certificate must be exported to a .pfx file that can be imported into the IIS.

4. openssl pkcs12 -export -out server-cert.pfx -inkey server-key.pem -in server-cert.pem -certfile root-cacert.pem -name "Self Signed Server Certificate"

In this step we will import the certificate CA.

5. In your server must import the CA certificate to the Trusted Root Certification Authorities, for IIS can trust the certificate to be imported. Remember that the certificate to be imported into the IIS, has been signed with the certificate of the CA.

   • Open Command Prompt and type mmc.
   • Click on File.
   • Select Add/Remove Snap in....
   • Double click on Certificates.
   • Select Computer Account and Next ->.
   • Select Local Computer and Finish.
   • Ok.
   • Go to Certificates -> Trusted Root Certification Authorities -> Certificates, rigth click on Certificates and select All Tasks -> Import ...

• Select Next -> Browse ...
• You must select All Files to browse the location of root-cacert.pem file.
• Click on Next and select Place all certificates in the following store: Trusted Root Certification Authorities.
• Click on Next and Finish.

With this step, the IIS trust on the authenticity of our certificate.

6. In our last step we will import the certificate to IIS and add the binding site.

   • Open Internet Information Services (IIS) Manager or type inetmgr on command prompt and go to Server Certificates.
   • Click on Import....
   • Set the path of .pfx file, the passphrase and Select certificate store on Web Hosting.

• Click on OK.

• Now go to your site on IIS Manager and select Bindings... and Add a new binding.

• Select https as the type of binding and you should be able to see the imported certificate.

• Click on OK and all is done.