Ssl – How to create self-signed SAN certificate in IIS

iissslssl-certificate

Is it possible to create a self-signed SAN ssl certificate in IIS?
If so, how do I go about creating it? In IIS, I only see the option of creating a normal ssl certificate:

Best Answer

Unfortunately, IIS manager cannot create certificates or requests with SAN extension. You have to use something else. For example, PowerShell or certreq.exe tool (both are included in the box).

PowerShell

Minimum required parameters

New-SelfsignedCertificate `
    -DnsName "mysite.com","www.mysite.com" `
    -CertStoreLocation cert:\localmachine\my

More detailed parameters

New-SelfsignedCertificate -Subject "CN=www.mysite.com" `
    -DnsName "mysite.com","www.mysite.com" `
    -EKU "Server Authentication" `
    -KeySpec "KeyExchange" ` 
    -KeyUsage "DigitalSignature", "KeyEncipherment" `
    -FriendlyName "My web site"
    -NotAfter $([datetime]::now.AddYears(1)) `
    -CertStoreLocation cert:\localmachine\my

CertReq.exe

Prepare INF template file (with .inf file extension) with the following contents:

[NewRequest]
Subject = "CN=www.mysite.com"
KeyLength = 2048
KeyAlgorithm = RSA
ProviderName = "Microsoft Enhanced RSA and AES Cryptographic Provider"
MachineKeySet = true
KeySpec = 1
KeyUsage = 0xa0
RequestType = Cert
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; server authentication
[Extensions] 
2.5.29.17 = "{text}" 
_continue_ = "dns=mysite.com&" 
_continue_ = "dns=www.mysite.com"

And then execute the following command against this INF file:

certreq -new path\myinftemplate.inf

Best Answer

PowerShell

Minimum required parameters

More detailed parameters

CertReq.exe

Related Solutions

Iis – Generating self-signed, wildcard certificate for IIS 7.5 on .local domain

Windows – How to create self signed wildcard (*.example.com) certificate

Related Topic