RSS

Tag Archives: certificate

Configure IIS-Hosted WCF to Run On SSL

It’s possible to run IIS-hosted WCF locally, with SSL.

Here’s the full guide: Configure an IIS-hosted WCF service with SSL.

To generate self-signed trusted SSL certificate, see How to Create Valid and Trusted SSL Certificate (Wildcard) for Development.

Just in case you need it, for web application to run on IIS Express with SSL, see: Enable SSL in IIS Express

Advertisements
 
Leave a comment

Posted by on May 29, 2015 in General

 

Tags: , , ,

Enable SSL in IIS Express

It’s possible, fairly easy too. I am running Visual Studio 2013.

Highlight Web project from your Solution Explorer.

enable-ssl-in-iis-express-1

Under “View” menu, click on “Properties Window” (CTRL + W, P). Then, change “SSL Enabled” property to True

enable-ssl-in-iis-express-2

The first you run the web application, you will be shown a warning message that you run on SSL. Then, Security Warning message to install certificate, just “Yes” it out.

enable-ssl-in-iis-express-3

You can now browse to HTTPS of the web app by clicking on the IIS Express. The port of HTTPS address may be different than non-SSL.

enable-ssl-in-iis-express-4

Your browser may show untrusted SSL certificate. If you prefer trusted SSL certificate, you can generate this yourself. How to Create Valid and Trusted SSL Certificate (Wildcard) for Development.

For configuring IIS-hosted WCF to run on SSL, see Configure IIS-Hosted WCF to Run On SSL.

 
Leave a comment

Posted by on April 30, 2015 in General

 

Tags: , ,

How to Create Valid and Trusted SSL Certificate (Wildcard) for Development

For development purpose, sometime you need trusted SSL certificate that won’t give you certificate validation error. To avoid this problem, you can buy valid certificate from trusted CA. Another way is to create your own. This will guide you how to create trusted root certificate authority and self-signed certificate.

Tools

Following are required tools:

  • makecert.exe
  • pvk2pfx.exe

Both of these files can be found in your Microsoft SDKs folder, or try search in one of the following folder. If your machine is 32-bit, search under “Program Files (x86)” folder instead.

  • C:\Program Files\Microsoft SDKs\Windows\
  • C:\Program Files\Microsoft Visual Studio 8\
  • C:\Program Files\Microsoft Visual Studio 11.0\
  • C:\Program Files\Windows Kits\
  • C:\Program Files\Microsoft.NET\SDK\
  • C:\Program Files (x86)\Microsoft Visual Studio 9.0\
  • C:\Program Files (x86)\Microsoft Visual Studio 8\

Preparation

It’s a good idea to create a new folder and place all files in the new folder. When running the commands to create the certificates, run it under the new folder as well.

Root Certificate Authority

C:\DevCert> makecert.exe -r -n "CN=dev.root" -pe -sv dev.root.pvk -a sha1 -len 2048 -b 01/01/2014 -e 12/31/2200 -cy authority dev.root.cer
C:\DevCert> pvk2pfx.exe -pvk dev.root.pvk -spc dev.root.cer -pfx dev.root.pfx

You can change certificate name, valid to and valid from dates (-n “CN=dev.root”, -b 01/01/2014, -e 12/31/2200, respectively), to whatever you like.
You may be prompted to create a password. This is the password to your private key.

This command will generate 3 certificates:

  • dev.root.cer (certificate)
  • dev.root.pvk (private key)
  • dev.root.pfx (certificate containing private key)

Install “dev.root.cer” root certificate to the store (Computer Account), under “Trusted Root Certification Authorities” folder.

SSL Certificate

C:\DevCert> makecert.exe -iv dev.root.pvk -ic dev.root.cer -n "CN=dev.site" -pe -sv dev.site.pvk -a sha1 -len 2048 -b 01/01/2014 -e 12/31/2200 -sky exchange dev.site.cer -eku 1.3.6.1.5.5.7.3.1
C:\DevCert> pvk2pfx.exe -pvk dev.site.pvk -spc dev.site.cer -pfx dev.site.pfx

You can change certificate name, valid to and valid from dates (-n “CN=dev.site”, -b 01/01/2014, -e 12/31/2200, respectively), to whatever you like.
You may be prompted to create a password. This is the password to your private key.

This command will generate 3 certificates:

  • dev.site.cer (certificate)
  • dev.site.pvk (private key)
  • dev.site.pfx (certificate containing private key)

Wildcard Certificate

You can create a wilcard certificate by prepend “*” (asterisk) on certificate name, for example:

C:\DevCert> makecert.exe -iv dev.root.pvk -ic dev.root.cer -n "CN=*.dev.site" -pe -sv w.dev.site.pvk -a sha1 -len 2048 -b 01/01/2014 -e 12/31/2200 -sky exchange w.dev.site.cer -eku 1.3.6.1.5.5.7.3.1

Installation

In Certificate snap-in of Management Console (mmc):

  • For root CA certificate, “dev.root.cer” must be imported into “Trusted Root Certification Authorities” folder.
  • For regular (or wildcard) certificate, “dev.site.pfx” must be imported into “Personal” folder.

SSL / TLS Usage

To use certificate as SSL certificate, the CN name must match host name of the site. For example, if the site has host name “dev.site”, the certificate CN’s name must also be “dev.site”.

To use wildcard certificate in multiple sites as SSL certificate for the same IP address, it must have valid host name (ie, *.dev.site). With this approach, each site using the wildcard certificate must have different host name (ie, blog.dev.site and news.dev.site).

 
2 Comments

Posted by on August 13, 2014 in General

 

Tags: , , , ,

Certificate Files: .Cer x .Pvk x .Pfx

So, what are the differences between .cer, .pvk and .pfx certificate files?

In Windows platform, these file types are used for certificate information. Normally used for SSL certificate and Public Key Infrastructure (X.509).

CER

CER file is used to store X.509 certificate. Normally used for SSL certification to verify and identify web servers security. The file contains information about certificate owner and public and private certificate keys. A CER file can be in binary (ASN.1 DER) or encoded with Base-64 with header and footer included (PEM), Windows will recognize either of these layout.

This file can be generated using Certificate Creation Tool (makecert.exe) as shown in the link below.

SPC

Beside CER, there’s also SPC file, which is Software Publisher Certificate. It’s a different representation of certificate in PKCS #7 format.

You can generate a SPC file from a CER file.

PVK

Stands for Private Key. Windows uses PVK files to store private keys for code signing in various Microsoft products. PVK is proprietary format.

You can create a CER file based on a PVK file.

PFX

Or Personal Exchange Format, is a PKCS12 file. This contains a variety of cryptographic information, such as certificates, root authority certificates, certificate chains and private keys. It’s cryptographically protected with passwords to keep private keys private and preserve the integrity of the root certificates. The PFX file is also used in various Microsoft products, such as IIS.

PFX file can be created from a CER, SPC, or PVK file.

Source and further reading:
X.509
Software Publisher Certificate
Make Cert Command
IBM Certificate File Types

 
3 Comments

Posted by on April 22, 2013 in General

 

Tags: , , , ,

 
%d bloggers like this: