Thursday, February 20, 2014

Creating a Self-Signed SSL Certificate in Windows without IIS (for SSRS, for instance)

Sometimes you have need for a SSL certificate on a Windows server when you don't have IIS installed.  Like when you want to install SQL Server Reporting Services (SSRS).

You could use OpenSSL, or download the 1+GB Windows SDK to get the makecert utility.  But those are troublesome, each in its own way.

Happily, it's still possible to use the IIS 6 resource kit's SelfSSL, even without having IIS installed.  And that's only a 5MB download.  Plus, you can install only the SelfSSL piece, which is something like 50kB.  Much, much better.

So, download it from this link.  Install it on the server you want, and then run selfssl as below:

Note two things:
  1. Run the command prompt as administrator
  2. You'll get an error, on account of not having IIS running on the server.
The error is OK:  the certificate is installed in the computer personal certificate store.  You can view it this way.

If trust is important on the server, you can use the /T switch for selfssl, and it will automatically add the certificate to the trusted root CA certificate folder, as well.


4 comments:

  1. You can also take a look here: http://stackoverflow.com/questions/19441155/how-to-create-a-self-signed-certificate-for-a-domain-name-for-development (the Powershell answers).

    Thank you!

    ReplyDelete
  2. Replies
    1. Good question. Windows doesn't store certificates like Linux does, in a directory that's easy to navigate. Instead, you access Windows certificates using a MMC plug-in. To run it, just run mmc, and then go to file-> Add/Remove Snap-in, and select Certificates.

      When you click on Add, it'll ask you if you want to use your personal or computer or service account. Select Computer.

      The newly-created cert will be in the Personal certificates store, there.

      Delete

Thanks for leaving a comment!