IIS6: Create/install SSL self-signed cert from command line
I want to automate the setup of SSL for a website in IIS6. It appears selfSSL and certutil can be used to do this but certificates are new to me and I'm unsure how to put them together.
From what I understand I need to:
- create a certificate
- assign the certificate to the website
- add a secure (SSL/443) binding to the website
I would also like to avoid creating a new certificate if the site cert has already been created. That way I don't end up with a bunch of redudant certs.
Answer
I would suggest you look at the IIS 6 Resource Kit: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=17275
There is a tool in the resource kit called selfssl.exe - it automates the creation, assignment and even trusting of the newly created certificate. We use it quite a bit where I work to ensure that our dev boxes have certificates we can use during testing/development.
Here is the command line we use - it will create the cert (for localhost) using a key-size of 1024, trust it, and make it valid for ~10 years:
selfssl.exe /T /N:CN=localhost /K:1024 /V:3650
If you are hosting multiple sites, you will need to use the /S parameter to specify the site id you want to add the certificate to.
Note: this also works like a champ with IIS 5 on WinXP, but I have never tried it on any of the IIS 7 family.