Follow

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use
Follow
Facebook Twitter Instagram Youtube
Contact

Create Self-Signed Certificate for IP Address (not domain) hosted on IIS

byMR
May 7, 2022

I’m trying to create a Self-Signed Certificate for an IP Address (not domain) using windows OS, but without any luck.

Also I would like to bind this certificate to my API which I’m hosting on IIS on our companies server.

Can somebody please advise how to do so?

MEDevel.com: Open-source for Healthcare and Education

Collecting and validating open-source software for healthcare, education, enterprise, development, medical imaging, medical records, and digital pathology.

Visit Medevel

>Solution :

1) Download OpenSSL tool

2) cmd: Navigate to OpenSSL folder

  • open cmd (run as administrator).
  • cd to bin/ folder where openssl.exe is located (in extracted folder above).

Note: following steps mostly from this article: Creating a Self-Signed Certificate With OpenSSL.

3) Creating a Private Key

  • openssl genrsa -des3 -out domain.key 2048
  • then enter a password when prompted

4) Creating a Certificate Signing Request

  • command in this step is a bit different than in article:
    openssl req -key domain.key -new -out domain.csr -config "path_of_openssl.cnf_file"

  • enter your private key password and some CSR information to complete the process.

  • An important field is “Common Name” which should be the exact Fully Qualified Domain Name (FQDN) of your domain.

  • “A challenge password” and “An optional company name” can be left empty.

5) Creating a Self-Signed Certificate

  • A self-signed certificate is a certificate that’s signed with its own private key.
  • Let’s create a self-signed certificate (domain.crt) with our existing private key and CSR:
    openssl x509 -signkey domain.key -in domain.csr -req -days 365 -out domain.crt

6) Convert Certificate Formats (PEM to PKCS12)

  • PKCS12 files, also known as PFX files, are usually used for importing and exporting certificate chains in Microsoft IIS.
  • Take your private key and certificate, and combine them into a PKCS12 file:
    openssl pkcs12 -inkey domain.key -in domain.crt -export -out domain.pfx
    read more: Difference between .pfx and .cert certificates

7) Bind Certificate with API on IIS

8) Share Certificate with client

  • Share .crt with your clients, and ask them to add it to their list of Trusted Root Certificate Authorities (so that they can establish trusted communication with your domain).
    read more: How to Export and Import a Self-Signed Certificate for Disconnected Devices
  • To check installed certificates: Press Windows Key + R (together) → certmgr.msc.
    You will get a new window with the list of Certificates installed on your computer.
  • Go to “Trusted Root Certificate Authorities” → right-click “Certificates” → “All Tasks” → “Import” → browse your .crt file.
byMR
Published
Add a comment

Leave a Reply

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use

Read more

Discover more from Dev solutions

Subscribe now to keep reading and get access to the full archive.

Continue reading