Membership Membership:
Latest New User Latest: vpros
Past 24 Hours Past 24 Hours: 0
Prev. 24 Hours Prev. 24 Hours: 0
User Count Overall: 137

People Online People Online:
Visitors Visitors: 9
Members Members: 0
Total Total: 9

NakedMCSE Computer Tech Support Forums

So you have passed all of the exams and you are now out in the real world of windows servers, linux servers and freebsd servers faced with a tech support problem you have never seen before...

Find free online tech support in the forums below, respecting that advice is free, but work beyond advice is not...

The General forum is provided for off topic discussion.

You need a user account to post - please Register or Login.

Online Tech Support Forums
  Forum  Microsoft Tech ...  Windows Server ...  Creating a Self Signed Certificate on Windows
Disabled Previous
Next Disabled
New Post 3/18/2016 5:03 PM
119 posts
10th Level Poster

Creating a Self Signed Certificate on Windows 

Sometimes when you are setting up things like a webserver or SSTP vpn it can be useful to test with a self signed certificate before buying a real one.  This is how to create one in Windows.

First you need to create a template text file describing the certificate you want - it should look something like this:

; At least one value must be set in this section
Subject = "CN=mydomain.example"
KeyLength = 2048
KeyAlgorithm = RSA
HashAlgorithm = sha256
;MachineKeySet = true
RequestType = Cert
UseExistingKeySet=false ;this generates a new private key (for export)
Exportable = true ;this makes the private key exportable

CN should be set to either the DNS name of the machine, or the IP address if you will be using that to connect instead.

Then open up a command prompt and issue the following command :
certreq -new template.txt RequestFileOut

This will generate a self signed certificate in your personal user store.  You can view it using the cerificates snapin for your user account or from the command line:
certutil -store -user my

To be useful for either a webserver or SSTP connection you will need to export the certificate and import it into the local machine store.  Do the following at the command line:
certutil -exportpfx -user mydomain.example CERT.pfx NoChain

If you will be using it for SSTP, then import it into the personal store of the local machine using the certificates mmc snapin.
If you will be using it for IIS, then import it into the webserver store of the local machine using the certificates mmc snapin.
Finally you will also have to import it into the Trusted Root CA store of the local machine, which you will also need to do on each of the client machines you wish to connect with it.


Disabled Previous
Next Disabled
  Forum  Microsoft Tech ...  Windows Server ...  Creating a Self Signed Certificate on Windows
Send me One Million FREE Guaranteed Visitors