Video - Create Self Signed Certificate and Bind in IIS

12 minutes
Share the link to this page
Copied
  Completed
You need to have access to the item to view this lesson.
One-time Fee
$99.99
List Price:  $139.99
You save:  $40
€95.03
List Price:  €133.05
You save:  €38.01
£79.15
List Price:  £110.82
You save:  £31.66
CA$139.67
List Price:  CA$195.55
You save:  CA$55.87
A$153.55
List Price:  A$214.98
You save:  A$61.42
S$134.39
List Price:  S$188.16
You save:  S$53.76
HK$778.22
List Price:  HK$1,089.54
You save:  HK$311.32
CHF 88.36
List Price:  CHF 123.71
You save:  CHF 35.34
NOK kr1,105.21
List Price:  NOK kr1,547.34
You save:  NOK kr442.12
DKK kr708.87
List Price:  DKK kr992.45
You save:  DKK kr283.57
NZ$170.45
List Price:  NZ$238.64
You save:  NZ$68.18
د.إ367.26
List Price:  د.إ514.18
You save:  د.إ146.92
৳11,959.01
List Price:  ৳16,743.10
You save:  ৳4,784.08
₹8,452.40
List Price:  ₹11,833.70
You save:  ₹3,381.29
RM446.45
List Price:  RM625.05
You save:  RM178.60
₦168,042.19
List Price:  ₦235,265.79
You save:  ₦67,223.60
₨27,819.88
List Price:  ₨38,948.94
You save:  ₨11,129.06
฿3,466.55
List Price:  ฿4,853.31
You save:  ฿1,386.76
₺3,454.83
List Price:  ₺4,836.90
You save:  ₺1,382.07
B$580.99
List Price:  B$813.41
You save:  B$232.42
R1,812.36
List Price:  R2,537.39
You save:  R725.02
Лв185.85
List Price:  Лв260.20
You save:  Лв74.35
₩140,106.88
List Price:  ₩196,155.24
You save:  ₩56,048.35
₪373.41
List Price:  ₪522.79
You save:  ₪149.38
₱5,905.80
List Price:  ₱8,268.36
You save:  ₱2,362.56
¥15,438.71
List Price:  ¥21,614.81
You save:  ¥6,176.10
MX$2,034.25
List Price:  MX$2,848.03
You save:  MX$813.78
QR364.93
List Price:  QR510.92
You save:  QR145.98
P1,367.12
List Price:  P1,914.02
You save:  P546.90
KSh12,923.70
List Price:  KSh18,093.70
You save:  KSh5,170
E£4,964.56
List Price:  E£6,950.58
You save:  E£1,986.02
ብር12,476.97
List Price:  ብር17,468.25
You save:  ብር4,991.28
Kz91,223.61
List Price:  Kz127,716.70
You save:  Kz36,493.09
CLP$97,372.26
List Price:  CLP$136,325.06
You save:  CLP$38,952.80
CN¥724.09
List Price:  CN¥1,013.76
You save:  CN¥289.66
RD$6,035.83
List Price:  RD$8,450.41
You save:  RD$2,414.57
DA13,357.64
List Price:  DA18,701.23
You save:  DA5,343.59
FJ$226.99
List Price:  FJ$317.80
You save:  FJ$90.80
Q772.55
List Price:  Q1,081.60
You save:  Q309.05
GY$20,937.04
List Price:  GY$29,312.70
You save:  GY$8,375.65
ISK kr13,828.61
List Price:  ISK kr19,360.61
You save:  ISK kr5,532
DH999.72
List Price:  DH1,399.66
You save:  DH399.93
L1,820.82
List Price:  L2,549.22
You save:  L728.40
ден5,848.08
List Price:  ден8,187.54
You save:  ден2,339.46
MOP$802.33
List Price:  MOP$1,123.29
You save:  MOP$320.96
N$1,815.10
List Price:  N$2,541.22
You save:  N$726.11
C$3,682.57
List Price:  C$5,155.75
You save:  C$1,473.17
रु13,507.81
List Price:  रु18,911.48
You save:  रु5,403.66
S/379.77
List Price:  S/531.69
You save:  S/151.92
K402.86
List Price:  K564.02
You save:  K161.16
SAR375.38
List Price:  SAR525.55
You save:  SAR150.16
ZK2,769.51
List Price:  ZK3,877.43
You save:  ZK1,107.91
L472.94
List Price:  L662.13
You save:  L189.19
Kč2,407.85
List Price:  Kč3,371.09
You save:  Kč963.24
Ft39,078.98
List Price:  Ft54,712.13
You save:  Ft15,633.15
SEK kr1,102.90
List Price:  SEK kr1,544.10
You save:  SEK kr441.20
ARS$100,263.16
List Price:  ARS$140,372.43
You save:  ARS$40,109.27
Bs693
List Price:  Bs970.23
You save:  Bs277.22
COP$441,313.30
List Price:  COP$617,856.28
You save:  COP$176,542.97
₡50,820.06
List Price:  ₡71,150.12
You save:  ₡20,330.05
L2,528.86
List Price:  L3,540.51
You save:  L1,011.64
₲783,733.33
List Price:  ₲1,097,258.01
You save:  ₲313,524.68
$U4,278.05
List Price:  $U5,989.44
You save:  $U1,711.39
zł413.19
List Price:  zł578.49
You save:  zł165.29
Already have an account? Log In

Transcript

Greetings, I'm Professor Kay. And in this short video presentation, we're going to see how we go about creating a self signed certificate using IIS. To help keep the link to this video manageable, I'm going to ask that everyone refer to the lab file. For more information on why we would do a self signed certificate up in IIS, and what the advantages and the disadvantages are. For this demonstration, I will be using server 2016. But the procedure is exactly the same for server 2012.

Now I'm up inside of Server Manager and I'm going to need an installation of IIS. To begin this process. I'm going to click on Manage. I'm going to go to add Roles and Features. We're going to quickly step through the ones wizard until we get down to the required roles that we need. I've got the right server selected, we're going to go ahead and say next.

And here underneath the roles, I'm going to scroll on down till I come to web server IIS. I'm gonna check that box, we're going to add the features, and we're going to click Next, we're going to click Next. Again, here's some information about is we're going to click Next. On this next page, we see the additional role services we can install prior is, we don't need any so let's just click Next. Say next, and we're going to click on the install. But this begins the installation process for web services is installation has completed so I'm going to go ahead and click on the close button.

That brings us back to the Server Manager. We're now ready to begin the process of creating that self signed certificate. To do this, I'm going to go to Tools. And I'm going to scroll on down here to where it says Internet Information Services IIS Manager. We're going to click on that. That's going to open up up the IIS Management Console.

I've made the console window go fullscreen. And we're going to begin by clicking on the name of our server. Inside the center window, we're going to find server certificates. Once you've located server certificates, go ahead and just double click it over to the far right where it says actions, we're going to click on where it says create a self signed certificate. On his first page of the wizard, we need to come up with a user friendly name for our certificate. Now, I recommend that you think about how you're going to apply this certificate, and you name it so that you can easily recognize it.

So I'm going to call this one application underscore testing. Now this is going to be a personal certificate. If this was going to be assigned to a web server, then I would pull down the window and I would select web hosting. All we have to do now and just click on the OK button. And our certificate now appears in the center window pane. So the name of my self signed certificate is application underscore testing.

It was issued to DC one, and it was issued by DC one. Here's the expiration date, it's usually about a year out from the time the self signed certificate is issued. We're now ready to make our way to the certificate store so that we can view the certificate. Make sure you click inside the window of yours, server 2016. And now you're going to hold down the Windows key and hit r at the same time. This brings up the run line so that we can get to the certificate store we first need to get up inside of the Microsoft Management Console.

To do this, where it says open I'm going to type in an MC. I'm going to hit enter. That brings up the Microsoft Management Console. up inside of the Microsoft Management Console. We're going to go to File, we're going to go to add remove snap in. On this next window underneath the available snap ins.

We're going to find certificates and we're going to click on Add, we're going to accept the default for my user account. And we're going to click Finish. We're now going to click OK. Notice that the certificate store is now available to us up inside of the Microsoft Management Console. We can now expand the certificates store. And here we'll see all the different containers that are available for all the different certificates that we have available to us. I've expanded the left window pane just a little bit so you can see what's going on.

Now if we go to the trusted root certification authorities and we expand that and click on certificates, over in the left window pane, you will see the certificate that we created is called Vc one.us. Cyber offense comm we're now going to deploy or export the certificate to our desktop. To do this, I'm just going to right click on the name of the certificate, go to all tasks and select Export. This brings up the certificate Export wizard, we're just going to step through, click Next. Yes, I want to export the private key, we're going to select that option. We're going to click Next.

We're going to leave the defaults here, everything's checked for us already. Click Next. And here we're going to create a password for the certificate. I'm going to check the password box. Now I'm going to type in a password, the users will need this password to be able to install this certificate locally into their certificate store. Once I have my password typed in, I'm going to click Next.

This next step might be a little confusing, but we're not going to type in a file name yet, we're first going to click on the Browse button. I need to save the certificate to my desktop. So I'm going to select the desktop as my destination. And now where it says file name, I can now give this certificate a file name. I've given this file the name of application. So I'm going to click on Save.

That brings me back to the That box for the filename, we're going to click on Next. We're now ready to click the Finish button. So let's go ahead and do that an export was successful. Before we minimize our console window. Let's go ahead and take a look at this certificate. Now you can take a look at this certificate by just double clicking it.

And this tells you all about it. You got the details, the certificate path, all that good stuff that users would want to know about before they install the certificate. We're now ready to minimize our console window. And we're back up inside of the IIS Management Console. Divine this certificate to a site or sites up and set up is I'm just going to expand the sites container and you'll see that I have a default website. We're just going to click on that.

And over here all the way to the right underneath the actions window. We can click on bindings. We can now click on add in the Add site bindings window, we're going to pull down the type. And we're going to select HTTPS. We're gonna leave everything out there as a default, underneath the hostname, we're going to type in the exact name that we gave the certificate when we created it, where it says SSL certificate, we're going to pull down that window, and we're going to select the name of the certificate we created. It was called application testing.

I'm now going to select, I'm going to say OK, I'm not going to say OK, and you'll notice that our certificate is now bound to our default website. Now, one of the disadvantages of using a self signed certificate created up inside is is that we don't have the automation that we get with a PK AI infrastructure with a PK infrastructure that is to say a certificate server. We could direct users to the web page or that certificate server and they could automatically download and install That certificate. But in our case, since we're using a self signed certificate, it's not going to be trusted by any web browser. So when the user does come to the website, they will see this warning. And they'll have the option to be able to continue on to the website.

But each time they come to the website, they're going to have to step through this process. Unless we install or they install the certificate into their local certificate store. We can go ahead and close this out. I'm going to go ahead and minimize this. minimize this. And we're back to our desktop.

And here we see the certificate that we exported. If you right click on it, you'll see that you can open the certificate to view it, but you can also install the certificate. So if we were to make this certificate available onto a user's desktop, we could then install the certificate into the user certificate store and start The trusted Certification Authority container. That way each time the user accesses the internal website, they will not be told that the certificate comes from an untrusted source. To do this, all they have to do is right click and select install, like so. And they can step through the wizard current user.

That is correct. Next, this is just confirming the path to the certificate that is sitting on the user's desktop. We now have to type in the certificate password that we created when we generated the self signed certificate. Once we've typed in the certificate password, we can leave everything else as the default and click on the next button. On this next screen, we have to move the radio button down to the second option to place all certificates in the following store. We're not click on the Browse button, we need to import the certificate into the same container that we exported it from on our server To do this, we just select the trusted root certification authorities.

Click ok. You can click Next. And now you have the completing the certificate import wizard. Once you click finish, you will be told that the import was successful. So in this video demonstration, you got to see how we go about creating a self signed certificate using IIS. And now that was pretty down and dirty. And we didn't have to worry about creating our PK AI or creating a certificate service to run on our network.

And so an application of this sort is fine if we need a certificate very quickly to allow an application to run or to allow users to have access to a website. Now the caveat about all this is that this is great for internal. We wouldn't want to be doing this for an external web server, or any application that has to be trusted outside of our network with that being Said users should never install a certificate from an unknown source. In practice, you should only install a certificate locally if you generated it, because no legitimate website would require you to perform such steps as we performed in getting this certificate accepted by our browser. One last thing before we get out of here, this certificate warning that we're seeing up here inside of the browser when a user accesses the website for the first time, that is going to be shown to you inside of IE and Chrome.

Now for Firefox, it's completely different because Firefox does not access the windows certificate stores. for Firefox, you'll need to go into your trusted sites and add this website as an exception. That's going to conclude this short video presentation on how we go about creating a self signed certificate. So if you have any questions or you have any concerns about any of the content, of this video or anything The information inside the lab file please don't hesitate to reach out and contact your instructor and I'll see you in my next video.

Sign Up

Share

Share with friends, get 20% off
Invite your friends to LearnDesk learning marketplace. For each purchase they make, you get 20% off (upto $10) on your next purchase.