I am looking at generating a self-signed certificate, and only allow users who has client certificate installed on my web server. I am using IIS 6.0 with selfSSL to generate my .pfx web server certificate.
i was looking at this atricle http://www.iisadmin.co.uk/?p=11&page=3 and it mentions about installing Client Certificate on Client Machine. How do i generate a Client certificate? do i use SelfSSL as well?
if i use SelfSSL do i Use
selfssl.exe /N:CN=ClientName /K:1024 /V:7 /S:1 /P:443
OR DO i install the same certificate installed on web server?
Best Answer
You can generate client certificates using the Microsoft makecert utility (this utility is available in the Windows SDK):
http://msdn.microsoft.com/en-us/library/bfsktky3(v=vs.80).aspx
For example, the following command line will create a self-signed certificate, with an exportable private exchange key, and place it in the client's personal certificate store.
In the event that the server does not trust this certificate, you will also have to add it to the server's Root Certificate Store, since it is self signed.