Thomas

Reputation: 34188

Issue regarding Enabling SSL on IIS 7.0 Using Self-Signed Certificates

If we need to secure a web site or use HTTPS for our web site, then we need to use a certificate at the IIS level. On a development PC we often use self-signed certificates, which can be created very easily from IIS.

I visited this URL http://weblogs.asp.net/scottgu/archive/2007/04/06/tip-trick-enabling-ssl-on-iis7-using-self-signed-certificates.aspx to learn how to create and use SSL for our site.

After doing everything, when we run or test the site on the local PC, I feel self-signed certificates do not work like the real-life certificates that people buy. Here I am adding a couple of pictures from which you can see what kind of problem I am talking about.


Just see the second picture and look at the URL. In the case of SSL, a lock sign comes with a green color. So just guide me on what else we need to do so that self-signed certificates work just like a real-life certificate on my PC. Please discuss this in detail or redirect me to the right article which shows what else to configure so that the browser address bar properly reflects SSL.

Thanks

Upvotes: 0

Views: 226

Answers (2)

Racil Hilan

Reputation: 25341

In a production website, you need to purchase an SSL certificate because your visitors' browsers cannot trust self-signed certificates as they cannot verify the issuer.

Having said that, for development and testing purposes, the behaviour you described is fine, but if you really need to get rid of the warning, you need to register the certificate in your local PC (all PCs that you don't want to see the warning on) and then use the same certificate for your website in IIS.

Follow this guide from step 2 onward, but here are the outlines:

First you need to copy the certificate to your local PC:

  • In IIS, export the certificate to a file.
  • Copy the file to your local PC.
  • Use MMC to import the certificate from the file. Make sure you import it to the Personal folder.
  • Repeat the last two steps for all PCs.

Now that you have the certificate registered in your local PC, you need to tell your PC to trust it:

  • View the certificate in MMC and go to the second "Details" tab.
  • Scroll down to the "Thumbprint" and select it to display the certificate hash.
  • Copy the hash into the clipboard (the hash identifies your certificate).
  • Open Notepad and paste the hash there.
  • Remove all the spaces from the hash using the "Replace" feature in Notepad.
  • Use the hash in the following command:

netsh http add sslcert ipport=0.0.0.0:443 appid={214124cd-d05b-4309-9af9-9caa44b2b74a} certhash=PASTE_YOUR_CERT_HASH_HERE

Note: The "AppId" doesn't really matter, it's just a GUID.

  • In MMC, move the certificate from the Personal folder to the Trusted Root Certificates folder.

Upvotes: 1
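The steps in the answer above, scripted as an added example (not part of the original answer). It assumes the certificate was exported from IIS with its private key to the hypothetical path `C:\temp\devsite.pfx`, reuses the GUID from the answer, and copies the public certificate into Trusted Root instead of moving it, so the private key stays in the Personal store.

```powershell
# Added example, not from the original answer. Run in an elevated PowerShell
# session on each development PC that should stop showing the warning.
$pfxPath = 'C:\temp\devsite.pfx'                      # hypothetical path (assumption)
$appId   = '{214124cd-d05b-4309-9af9-9caa44b2b74a}'   # GUID taken from the answer

# Replaces the Notepad step: keep only hex digits, then check the length.
# Text copied from the MMC "Thumbprint" field carries spaces and can carry an
# invisible leading character, either of which makes netsh reject the hash.
function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory)][string]$Thumbprint)
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Expected a 40-character SHA-1 thumbprint, got $($clean.Length) characters."
    }
    $clean
}

# 1. Import the exported certificate into Local Computer > Personal.
$password = Read-Host -AsSecureString -Prompt 'PFX password'
$cert = Import-PfxCertificate -FilePath $pfxPath `
            -CertStoreLocation Cert:\LocalMachine\My -Password $password

# 2. Read the thumbprint from the imported certificate. A value pasted from
#    MMC can be passed to ConvertTo-CleanThumbprint instead.
$thumb = ConvertTo-CleanThumbprint -Thumbprint $cert.Thumbprint

# 3. Bind the certificate to port 443 (the netsh command from the answer).
#    The arguments are quoted so PowerShell does not treat the braces specially.
netsh http add sslcert ipport=0.0.0.0:443 "appid=$appId" "certhash=$thumb"

# 4. Trust it: export the public part only and add that to Trusted Root.
$cerPath = Join-Path $env:TEMP 'devsite.cer'
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# 5. Check the result: the binding and the trusted copy should show the same hash.
netsh http show sslcert ipport=0.0.0.0:443
Get-ChildItem Cert:\LocalMachine\Root | Where-Object Thumbprint -eq $thumb
```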

syntax error

Reputation: 149

The certificate works the same. The problem is that a self-signed certificate is not always included in the browser's Trusted Issuing authority. If your sole purpose is for development, you can follow this method here of adding your issuer (self) to trusted authority or adding the certificate itself as trusted.

Upvotes: 2
