How to create self-signed SAN certificate in IIS?

Solution 1

Unfortunately, IIS manager cannot create certificates or requests with SAN extension. You have to use something else. For example, PowerShell or certreq.exe tool (both are included in the box).

PowerShell

Minimum required parameters

New-SelfsignedCertificate `
    -DnsName "mysite.com","www.mysite.com" `
    -CertStoreLocation cert:\localmachine\my

More detailed parameters

# Parameters beyond -DnsName/-CertStoreLocation require the Windows 10 / Server 2016+ version of the cmdlet.
# There is no -EKU parameter; the Server Authentication EKU (2.5.29.37) is set through -TextExtension.
# Every continued line must end in a backtick with no trailing space.
New-SelfSignedCertificate -Subject "CN=www.mysite.com" `
    -DnsName "mysite.com","www.mysite.com" `
    -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1") `
    -KeySpec "KeyExchange" `
    -KeyUsage "DigitalSignature", "KeyEncipherment" `
    -FriendlyName "My web site" `
    -NotAfter $([datetime]::now.AddYears(1)) `
    -CertStoreLocation cert:\localmachine\my

CertReq.exe

Prepare an INF template file (with .inf file extension) with the following contents:

[NewRequest]
Subject = "CN=www.mysite.com"
KeyLength = 2048
KeyAlgorithm = RSA
ProviderName = "Microsoft Enhanced RSA and AES Cryptographic Provider"
MachineKeySet = true
KeySpec = 1
KeyUsage = 0xa0
RequestType = Cert
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; server authentication
[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=mysite.com&"
_continue_ = "dns=www.mysite.com"

And then execute the following command against this INF file:

certreq -new path\myinftemplate.inf
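An added example (not code from the answer above) that runs the PowerShell route end to end: it probes whether the installed New-SelfSignedCertificate is the full cmdlet or the reduced Windows Server 2012 one, creates the certificate, checks that the resulting SAN extension really lists every requested name, and binds it to an IIS site. The hostnames and the site name "Default Web Site" are assumptions; it expects an elevated session on a machine with IIS installed.

```powershell
# Added example, not code from the original answer. Hostnames and the IIS site
# name are constructed assumptions; run in an elevated PowerShell session.
$names = @("mysite.com", "www.mysite.com")
$siteName = "Default Web Site"

$cmd = Get-Command New-SelfSignedCertificate -ErrorAction SilentlyContinue
if (-not $cmd) { throw "New-SelfSignedCertificate is unavailable; use the certreq.exe INF method instead." }

# Windows Server 2012 ships a reduced cmdlet (only -DnsName, -CertStoreLocation, -CloneCert);
# -Subject, -KeyUsage, -NotAfter and -TextExtension arrived with Windows 10 / Server 2016.
# Probe for a newer parameter instead of guessing from the OS version. The -TextExtension
# value below sets the EKU (2.5.29.37) to Server Authentication (1.3.6.1.5.5.7.3.1).
if ($cmd.Parameters.ContainsKey("TextExtension")) {
    $cert = New-SelfSignedCertificate -Subject "CN=$($names[0])" `
        -DnsName $names `
        -KeyAlgorithm RSA -KeyLength 2048 `
        -KeyUsage DigitalSignature, KeyEncipherment `
        -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1") `
        -NotAfter (Get-Date).AddYears(1) `
        -FriendlyName "My web site" `
        -CertStoreLocation Cert:\LocalMachine\My
} else {
    # Reduced cmdlet: the first DNS name becomes the subject, everything else is defaulted.
    $cert = New-SelfSignedCertificate -DnsName $names -CertStoreLocation Cert:\LocalMachine\My
}

# Verify rather than trust: the SAN extension (OID 2.5.29.17) must list every requested
# name, since clients match the hostname against the SAN and ignore the CN when a SAN exists.
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.17" }
if (-not $san) { throw "Certificate $($cert.Thumbprint) has no SAN extension." }
# Multi-line format yields one "DNS Name=<host>" line per entry (English Windows wording).
$sanDns = @(($san.Format($true) -split "`r?`n") | ForEach-Object {
    if ($_ -match '^\s*DNS Name=(.+?)\s*$') { $Matches[1] } })
$missing = @($names | Where-Object { $sanDns -notcontains $_ })
if ($missing.Count -gt 0) { throw "SAN is missing: $($missing -join ', ')" }
Write-Host "Certificate $($cert.Thumbprint) covers $($sanDns -join ', ') until $($cert.NotAfter)"

# Bind it to the site on 443 (the WebAdministration module ships with IIS).
Import-Module WebAdministration
if (-not (Get-WebBinding -Name $siteName -Protocol https)) {
    New-WebBinding -Name $siteName -Protocol https -Port 443
}
if (Test-Path IIS:\SslBindings\0.0.0.0!443) { Remove-Item IIS:\SslBindings\0.0.0.0!443 }
New-Item IIS:\SslBindings\0.0.0.0!443 -Value $cert | Out-Null
```

The SAN check throws if a name is absent, which is the failure you would otherwise only discover as a browser name-mismatch error after binding.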

Solution 2

What version of Windows? If it is a newer version of Windows, it would probably be easier to just open up PowerShell and use the New-SelfSignedCertificate cmdlet. You can use -DnsName to provide a list of all the names you want in your SAN.

Author: Denise

Updated on September 18, 2022

Comments

  • Denise
    Denise over 1 year

    Is it possible to create a self-signed SAN SSL certificate in IIS? If so, how do I go about creating it? In IIS, I only see the option of creating a normal SSL certificate.

  • Denise
    Denise over 6 years
    Hi, what's the difference between common name and DnsName? @Crypt32
  • Denise
    Denise over 6 years
    After using the PowerShell script, what command do I use to allow this script to run? Because it seems stuck after that.
  • Denise
    Denise over 6 years
    My PowerShell says the term new self-signed certificate is not recognised as a cmdlet
  • Denise
    Denise over 6 years
    It's Windows Server 2012. I tried, but my PowerShell says the term new self-signed certificate is not recognised as a cmdlet
  • Crypt32
    Crypt32 over 6 years
    Sorry, it was a typo in command name. Now the name is correct.
  • Greg W
    Greg W over 6 years
    Because the command is “New-SelfSignedCertificate” not “new self-signed certificate”.