IIS (8/9)

Creating a self-signed certificate

IIS provides an easy way to create a self-signed certificate for testing purposes so we will show an example using such a certificate first before showing a more realistic example.

Certificates are managed for an entire server at a time and not for a specific website. To manage the certificates for the server go to the server you want to manage in the IIS manager. In our case this is the server called VM-WINDOWS8. Figure 1 shows the screen for the VM-WINDOWS8 server. You can see the Server Certificates icon on this screen. Clicking on this icon displays the screen on figure 2. This is a list of the installed certificates, which is initially empty.

Server Certificates icon
Figure 1: Server Certificates icon

Server Certificates
Figure 2: Server Certificates

To create a self-signed certificate select the "Create Self-Signed Certificate..." action. The dialog shown in figure 3 will be displayed. Give a name to your new certificate and select the certificate store in which it should be stored. The name is only use to identify the certificate so it can be anything you want. The "Web Hosting" certificate store was added specifically to hold the web server certificates so I recommend you use it in preference to the "Personal" certificate store.

New Self-Signed Certificate Dialog
Figure 3: New Self-Signed Certificate Dialog

For this example we call our certificate "SelfSignedCertificate1" and store it in the "Web Hosting" certificate store. After we add this new certificate it is displayed in the list of certificates for our server as shown in figure 4.

Server Certificates
Figure 4: Server Certificates

Enabling HTTPS access

Now that we have a certificate enabling HTTPS access to a website is straightforward. For this example we use the default website. HTTPS is simply set up by adding a new binding in much the same way we did on page 4 of this IIS tutorial. This time we do change the protocol to HTTPS instead of HTTP. We keep the default port for HTTPS which is 443. When we select the HTTPS protocol an additional field is displayed to select the certificate to be used to authenticate the site. We select the self-signed certificate we created in the previous section: SelfSignedCertificate1. This is shown in figure 5.

HTTPS Binding
Figure 5: HTTPS Binding

The bindings are now as displayed in figure 6. The default website can now be accessed either via the HTTP protocol or the HTTPS protocol.

Bindings with HTTPS
Figure 6: Bindings with HTTPS

If we now try to access the website using the URL: https://localhost, we are presented with the usual Internet Explorer warning page telling us there is an issue with the certificate. This is because the self-signed certificate generated wasn't issued for the domain name we used (localhost). Self-signed certificates generated by IIS are just for testing and therefore this doesn't matter much. We'll see later on how to get everything right so we don't get this warning. Figure 8 shows the page displayed after we ignore the warning and proceed. It also shows the details of the issue that was found with the certificate.

Certificate Warning Page
Figure 7: Certificate Warning Page

Certificate Warning Page
Figure 8: Certificate Warning Page

blog comments powered by Disqus

Copyright(c) 2006-2017 Xavier Leclercq | Privacy policy

Contact Us