Wednesday, November 29, 2006

self-signing certs in iis 6

Easiest way to do this is to download the IIS 6 Resource Kit Tools. Then find the site's id that will be assigned the cert. Search for the site's name in %SystemRoot%\System32\Inetsrv\MetaBase.xml, the id is the number appended in the Location attribute. For example:

<IIsWebServer Location="/LM/W3SVC/445577612" AuthFlags="0"
LogPluginClsid="{FF160663-DE82-11CF-BC0A-00AA006111E0}" SecureBindings=":443:"
ServerAutoStart="FALSE" ServerBindings=":80:" ServerComment="testsite" />

The id here is 445577612.

Then, the command to assign the self-signed cert is:

C:\Program Files\IIS Resources\SelfSSL>selfssl.exe /N:CN=SERV2003DEV /K:1024 /V:700 /S:445577612 /P:443

Where CN is the server's name, K is the key length, V is the number of days the cert is valid, S is the site id, P is the port.

I did this on Windows 2003 Server, so no idea if it works in XP.

No comments: