Difference between revisions of "Self-signed Certificate"
From MgmtWiki
(→Solution) |
(→on Windows with IIS) |
||
Line 18: | Line 18: | ||
#Enter the friendly name you wish to use to identify the certificate, and then click OK. | #Enter the friendly name you wish to use to identify the certificate, and then click OK. | ||
#You now have an IIS Self Signed Certificate, valid for one year, which will be listed under Server Certificates. The common name, is the server name. | #You now have an IIS Self Signed Certificate, valid for one year, which will be listed under Server Certificates. The common name, is the server name. | ||
+ | #PS Cert:\currentUser\my> New-SelfsinedCertificate -DnsName "trustregistry.us" -KeyUsage DigitalSignature -KeyExportPolicy Exportable -KeyAlgorithm RSA -KeyLength 2048 | ||
+ | |||
+ | #This command does not specify the NotAfter parameter. Therefore, the certificate expires in one year. | ||
==References== | ==References== |
Revision as of 10:12, 20 May 2020
Contents
Full Definition or Meme
An Authority root-of-trust is a Self-signed Certificate.
Context
Federation or public chain of trust is rooted in a Self-signed Certificate.
Solution
It is important is most cases that you understand the location where the cert will be installed.
on Windows Powershell
- Context - you can run powershell with admin credentials.
- Navigate to targeted directory. for example PS C:\WINDOWS\system32> cd cert:\currentUser\my
- A directory listing of that particular directory will show all of the certs used create a root of trust.
on Windows with IIS
- Context Windows IIS 7 that contains the service that needs a SSL certificate (will go to localmachine\my
- Click on the Windows icon in the taskbar, Search for IIS, and open Internet Information Services (IIS) Manager.
- Click on the name of the server in the Connections column on the left. Double click the Server Certificates icon.
- In the Actions column on the right hand side, click on Create Self Signed Certificate.
- Enter the friendly name you wish to use to identify the certificate, and then click OK.
- You now have an IIS Self Signed Certificate, valid for one year, which will be listed under Server Certificates. The common name, is the server name.
- PS Cert:\currentUser\my> New-SelfsinedCertificate -DnsName "trustregistry.us" -KeyUsage DigitalSignature -KeyExportPolicy Exportable -KeyAlgorithm RSA -KeyLength 2048
- This command does not specify the NotAfter parameter. Therefore, the certificate expires in one year.