Windows – How to create self signed wildcard (*.example.com) certificate

certificateiissslwindows

I'm trying to install Dynamics CRM 2011 RC and configure it for Internet Facing Deployment.

One of the requirements for this is a wildcard SSL certificate. Since I'm installing development/testing server, I don't have a budget for real certificate. So…

What is the easiest way to create Self Signed Wildcard SSL Certificate in Windows?

Best Answer

There isn't an EASY way, but the two that come to mind are:

First, For a web certificate, download the IIS6 Resource Kit tools, and use the SelfSSL.exe tool, choose *.example.com as the name and it will install to the certification database. You should be able to pull out the public/private key and use it however you want.

Second, is a much much harder way, Download the latest version of OpenSSL, and you should be able to generate it through that - I have only ever used it for an entire CA setup and never for a single certificate.

I found instructions for Linux, and it should be similar for Windows. Link here, with a few modifications. If you want help with what is needed for a full CA and/or can't find what you need, let me know and I'll try to find it out for you.

Related Solutions

Cannot create self-signed SSL certificate with IIS 7

Check the permissions on the C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys folder. On my domain joined W2k8 member server the permissions are set like so:

Everyone
List folder / read data
Read attributes
Read extended attributes
Create files /write data
Create folders / append data
Write attributes
Write extended attributes
Read permissions
This folder only

SERVER\Administrators Full Control This folder only

No inheritance

Additionally, all of the files in this folder have their own permissions. You may want to see if your self signed cert is being created and deleted when the access denied error appears.

Ssl – Mismatched address error on self-signed ssl certtificate

if the certificate CN or altName dnsName is 'localhost' then the browser will only accept a hostname of 'localhost' (and not something.localhost nor localhost.localdomain etc).

Best Answer

Related Solutions

Cannot create self-signed SSL certificate with IIS 7

Ssl – Mismatched address error on self-signed ssl certtificate

Related Topic