[XenoCafe Logo] Click for Homepage
Home Tutorials Forum Blog Advertising Links Contact About



Creating a Self Signed Certificate for IIS
Part 2 - Signing Your Certificate with KeyMan

Written by Tony Bhimani
April 19, 2004

Requirements
Microsoft Windows XP
Microsoft IIS 5.1
KeyMan - which is available for download at http://www.alphaworks.ibm.com/tech/keyman

This is part two to creating a self signed certificate to be used with the Microsoft IIS web server.

First you will need to download the KeyMan tool from the link provided above. Once you have downloaded it, install it and you can access it from the Start Menu or from your Desktop. Double click on the KeyMan icon on your Desktop.

The KeyMan tool will open and you have two choices. Click the Create new button.

Select the PKCS#12 option and click the green check button.

First thing we need to do is generate a key. Click on the Actions menu and click Generate Key.

Select RSA and 1024 bits and click the green check button.

It will generate our key and you should see the following in KeyMan.

Next we need to create our Certificate Provider certificate. If we were creating a real signing request, we wouldn't even be doing this step. We would send a Certificate Authority our request and they would sign it for us. Click the Actions menu and select Create Certificate.

Select Self signed certificate and click the next arrow.

We will populate our certificate with some values. You can enter anything you want here. I left Expires as one year whereas you can specify up to 20 years. Choose a year or leave it as one year. Click the green check button.

You can leave the label blank or enter something. It's optional so it's up to you. I left it blank. Click the green check button.

You should now see your Certificate Provider certificate.

We're almost done. Now that we have a Certificate Authority certificate and our signing request, we can actually sign the request IIS made for us. Click the Actions menu and select Create Certificate again.

This time we select Sign a PKCS#10 request. Click the next arrow.

Select the Load PKCS#10 option and specify the path to your certificate request file or use the browse button to select it. Click the next arrow.

KeyMan reads the information from our request file and displays it to us. Everything looks good. Click the next arrow.

Select the Save certificate to file option and specify a path and file name for your signed certificate. I use the .cer extension because that is what IIS will be expecting. I use the root directory to keep things simple. You might want to create a directory specifically for your certificates. DO NOT make your folder available in your web site's web space. Keep it somewhere outside the web root. When you are done click the green check button.

We have just finished signing our certificate request. It is now ready to be used by IIS.



How would you rate the usefulness of this content?

Poor 1
 2
 3
 4
 5
 6
 7
 8
 9
 Outstanding

Optional: Tell us why you rated the content this way.
Characters remaining: 1024
Average rating: 8.26 out of 9.

1 2 3 4 5 6 7 8 9
23 people have rated this content.
[ Previous Page ] [ 1 ] [ 2 ] [ 3 ] [ Next Page ] This page has been viewed 20,471 times
Copyright © 2004-2008 XenoCafe. All Rights Reserved. XenoCafe is Powered by Linux. Free your mind and your wallet. Switch to Linux.