4/10/2018 - 4:43 PM

Setup HTTPS certificate

Steps to deploy to IIS a self signed https certificate

Followed these steps

First we will generate the private key and certificate of Certification Authority (CA). This certificate is to sign the certificate request (CSR).

You must complete all fields that are required in this process.

  • openssl req -config .\openssl.cnf -new -x509 -days 3650 -extensions v3_ca -keyout root-cakey.pem -out root-cacert.pem -newkey rsa:4096

Create the CRS that will be signed by the CA

  • openssl req -config .\openssl.cnf -new -nodes -out server-csr.pem -keyout server-key.pem -newkey rsa:4096 -sha256

Major issue due to chrome not recognizing the certificate Solved adding the parameter -extfile v3ext.txt in the following command

Now the certificate request is signed with the generated CA certificate.

  • openssl x509 -req -days 3650 -CA root-cacert.pem -CAkey root-cakey.pem -CAcreateserial -in server-csr.pem -out server-cert.pem -extfile v3ext.txt

The generated certificate must be exported to a .pfx file that can be imported into the IIS.

  • openssl pkcs12 -export -out server-cert.pfx -inkey server-key.pem -in server-cert.pem -certfile root-cacert.pem -name "Plan4U Self Signed Server Certificate"

Commands to show the content of certificates

  • openssl req -in server-csr.pem -noout -text
  • openssl x509 -text -in server-cert.pem -noout