IIS6: Create/install SSL self-signed cert from command line


I would suggest you look at the IIS 6 Resource Kit: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=17275

There is a tool in the resource kit called selfssl.exe - it automates the creation, assignment and even trusting of the newly created certificate. We use it quite a bit where I work to ensure that our dev boxes have certificates we can use during testing/development.

Here is the command line we use - it will create the cert (for localhost) using a key-size of 1024, trust it, and make it valid for ~10 years:

selfssl.exe /T /N:CN=localhost /K:1024 /V:3650

If you are hosting multiple sites, you will need to use the /S parameter to specify the site id you want to add the certificate to.

Note: this also works like a champ with IIS 5 on WinXP, but I have never tried it on any of the IIS 7 family.


If you're using WiX for authoring your setup, then running this CustomAction (which simply runs SelfSSL) will do the trick for you:

<CustomAction Id="InstallCert"
              ExeCommand="selfssl.exe /N:CN=fqdn.myserver.com /V:365" />
<InstallExecuteSequence>
    <Custom Action="InstallCert" After="InstallFinalize" />
</InstallExecuteSequence>

This action will:

  • Generate the certificate
  • Install the certificate to Default Web Site
  • Add the https binding

Command line explained:

/N:CN=[fully qualified server name]

/V: = Validity in days (365 in my example)

You can specify port with /P:[port number] switch. The default is 443 which is what you want so you can leave it out.

Caveat: There seems to be a bug with SelfSSL, which seems to have been resolved.

If you still run into it, an alternative is to switch to the SSLDiag tool, which has a similar syntax:

SSLDiag.exe /selfssl /n:CN=fqdn.myserver.com /v:365

I do not have experience with other setup authoring tools (InstallShield etc.), but I'm sure they have provisions to run command-line programs. Worst case, you can run this through a batch file!

Hope this helps.
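A check that can be run after either command above, as an added example that is not part of either answer: it lists the self-signed certificates in the machine's personal store with their key size, validity period, and whether the same certificate also sits in the trusted root store. The function name, the thresholds, and the assumption that the /T switch places the certificate in `LocalMachine\Root` are this example's own; it needs PowerShell 2.0 or later.

```powershell
# Added example: report self-signed certificates in the local machine store.
# MinKeyBits and MaxValidDays are assumed policy values, not taken from the page.
function Get-SelfSignedCertReport {
    param(
        [string]$StorePath    = 'Cert:\LocalMachine\My',
        [string]$RootPath     = 'Cert:\LocalMachine\Root',  # assumed target of /T
        [int]   $MinKeyBits   = 2048,
        [int]   $MaxValidDays = 398
    )

    # Thumbprints of everything the machine treats as a trusted root.
    $rootThumbprints = @(Get-ChildItem -Path $RootPath |
                         ForEach-Object { $_.Thumbprint })

    Get-ChildItem -Path $StorePath |
        Where-Object { $_.Subject -eq $_.Issuer } |   # heuristic for self-signed
        ForEach-Object {
            $cert = $_

            # PublicKey.Key throws for key types .NET cannot wrap (e.g. ECC).
            $keyBits = $null
            try { $keyBits = $cert.PublicKey.Key.KeySize } catch { $keyBits = $null }

            $validDays = [int]($cert.NotAfter - $cert.NotBefore).TotalDays

            New-Object PSObject -Property @{
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                KeyBits       = $keyBits
                ValidDays     = $validDays
                Expires       = $cert.NotAfter
                InTrustedRoot = ($rootThumbprints -contains $cert.Thumbprint)
                WeakKey       = (($keyBits -ne $null) -and ($keyBits -lt $MinKeyBits))
                LongLived     = ($validDays -gt $MaxValidDays)
            }
        }
}

# Print the report with the columns in a fixed order.
Get-SelfSignedCertReport |
    Select-Object Subject, KeyBits, ValidDays, Expires, InTrustedRoot,
                  WeakKey, LongLived, Thumbprint |
    Format-Table -AutoSize
```

A certificate created with `/K:1024 /V:3650 /T` would show up here with `WeakKey`, `LongLived` and `InTrustedRoot` all true under these thresholds.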