Wednesday, February 23, 2011

WIF: Self-signed certificates

With WIF and ADFS, certificates cause endless problems.

The solution for IIS 7 is to use SelfSSL7.

It's a command-line application, e.g.:

USAGE:
SELFSSL7.EXE [/N cn=name] [/K size] [/V days] [/T] [/I] [/S name]
[/A IPAddress] [/P port] [/X] [/F file] [/W password] [/Q]

CERTIFCATE PARAMETERS:
/N name Specifies the common name(s) of the certificate.
Computer name is used if not specified.
Example: /N cn=m1.contoso.com or /N cn=m1.contoso.com;cn=m2.contoso.com
/K size Specifies the key length. Default is 1024.
/V days Specifies the validity of the certificate in days.
Default is 30 days.

TRUST PARAMETERS:
/T Adds the self-signed certificate to user's "Trusted Certificates" list.

IIS PARAMETERS:
/I Add SSL binding to IIS.
Use with the following parameters:
/S name Specifies the name of the site. Default is "Default Web Site".
/A IP Specifies the IP address for the IIS binding. Default is *.
/P port Specifies the SSL port. Default is 443.

EXPORT PARAMETERS:
/X Export certificate to PFX file.
Use with the following parameters:
/F PFX file location.
/W password for PFX file.

OTHER PARAMETERS:
/Q Overwrites existing SSL binding and/or PFX file.

The default behavior is equivalent to:
selfssl7.exe /N cn="machine name" /K 1024 /V 30
/I /S "Default Web Site" /P 443 /A * /T


I normally use:

SelfSSL7 /V 90 /Q /X /F c:\xxx\Cert.pfx /W password /T
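
To check what the /K, /V and /T switches produced, the following PowerShell lists self-signed certificates with their key size, days to expiry and trust status. It is an added example, not part of SelfSSL7 or the original post; the store path Cert:\LocalMachine\My and the two thresholds are assumptions.

```powershell
# Added example: audit self-signed certificates after running SelfSSL7.
# Assumptions: the certificate is in Cert:\LocalMachine\My (where IIS
# bindings look); the thresholds below are illustrative, not from the post.
$minKeyBits = 2048   # flags the tool's 1024-bit default (/K)
$warnDays   = 14     # flags certificates close to the /V expiry

Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $_.Issuer } |      # self-signed only
    ForEach-Object {
        $cert = $_
        # RSA public key size; $null for non-RSA certificates
        $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
        $bits = if ($rsa) { $rsa.KeySize } else { $null }
        $daysLeft = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)

        # /T places the certificate in a trusted root store; report where
        $trustedIn = @('CurrentUser', 'LocalMachine') | Where-Object {
            Test-Path "Cert:\$_\Root\$($cert.Thumbprint)"
        }

        $findings = @()
        if ($bits -and $bits -lt $minKeyBits) { $findings += "key below $minKeyBits bits" }
        if ($daysLeft -lt 0)                  { $findings += 'expired' }
        elseif ($daysLeft -lt $warnDays)      { $findings += "expires in $daysLeft days" }
        if ($trustedIn)                       { $findings += 'in trusted root store' }

        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            KeyBits    = $bits
            DaysLeft   = $daysLeft
            TrustedIn  = $trustedIn -join ','
            Findings   = $findings -join '; '
        }
    } | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so the LocalMachine stores are readable.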

Enjoy!
