Tag Archives: ssl

Configure IIS-Hosted WCF to Run On SSL

It’s possible to run IIS-hosted WCF locally, with SSL.

Here’s the full guide: Configure an IIS-hosted WCF service with SSL.

To generate a self-signed, trusted SSL certificate, see How to Create Valid and Trusted SSL Certificate (Wildcard) for Development.

Just in case you need it: to run a web application on IIS Express with SSL, see Enable SSL in IIS Express.


Posted on May 29, 2015 in General

 


Enable SSL in IIS Express

It’s possible, and fairly easy too. I am running Visual Studio 2013.

Highlight the Web project in your Solution Explorer.

Under the “View” menu, click on “Properties Window” (CTRL + W, P). Then change the “SSL Enabled” property to True.

The first time you run the web application, you will be shown a warning message that you are running on SSL, followed by a Security Warning message asking to install the certificate. Just click “Yes”.

You can now browse to the HTTPS address of the web app by clicking on IIS Express. The port of the HTTPS address may differ from the non-SSL one.

Your browser may show the SSL certificate as untrusted. If you prefer a trusted SSL certificate, you can generate one yourself: see How to Create Valid and Trusted SSL Certificate (Wildcard) for Development.

For configuring IIS-hosted WCF to run on SSL, see Configure IIS-Hosted WCF to Run On SSL.

 

Posted on April 30, 2015 in General

 


How to Create Valid and Trusted SSL Certificate (Wildcard) for Development

For development purposes, you sometimes need a trusted SSL certificate that won’t give you certificate validation errors. To avoid this problem, you can buy a valid certificate from a trusted CA. Another way is to create your own. This guide shows how to create a trusted root certificate authority and a self-signed certificate.

Tools

The following tools are required:

  • makecert.exe
  • pvk2pfx.exe

Both of these files can be found in your Microsoft SDKs folder; otherwise, try searching in one of the following folders. If your machine is 32-bit, search under “Program Files (x86)” folder instead.

  • C:\Program Files\Microsoft SDKs\Windows\
  • C:\Program Files\Microsoft Visual Studio 8\
  • C:\Program Files\Microsoft Visual Studio 11.0\
  • C:\Program Files\Windows Kits\
  • C:\Program Files\Microsoft.NET\SDK\
  • C:\Program Files (x86)\Microsoft Visual Studio 9.0\
  • C:\Program Files (x86)\Microsoft Visual Studio 8\

Preparation

It’s a good idea to create a new folder and place all files in it. Run the commands that create the certificates from that folder as well.

Root Certificate Authority

C:\DevCert> makecert.exe -r -n "CN=dev.root" -pe -sv dev.root.pvk -a sha1 -len 2048 -b 01/01/2014 -e 12/31/2200 -cy authority dev.root.cer
C:\DevCert> pvk2pfx.exe -pvk dev.root.pvk -spc dev.root.cer -pfx dev.root.pfx

You can change the certificate name and the valid-from and valid-to dates (-n “CN=dev.root”, -b 01/01/2014, -e 12/31/2200, respectively) to whatever you like.
You may be prompted to create a password. This is the password for your private key.

These commands will generate 3 files:

  • dev.root.cer (certificate)
  • dev.root.pvk (private key)
  • dev.root.pfx (certificate containing private key)

Install the “dev.root.cer” root certificate into the certificate store (Computer Account), under the “Trusted Root Certification Authorities” folder.

SSL Certificate

C:\DevCert> makecert.exe -iv dev.root.pvk -ic dev.root.cer -n "CN=dev.site" -pe -sv dev.site.pvk -a sha1 -len 2048 -b 01/01/2014 -e 12/31/2200 -sky exchange dev.site.cer -eku 1.3.6.1.5.5.7.3.1
C:\DevCert> pvk2pfx.exe -pvk dev.site.pvk -spc dev.site.cer -pfx dev.site.pfx

You can change the certificate name and the valid-from and valid-to dates (-n “CN=dev.site”, -b 01/01/2014, -e 12/31/2200, respectively) to whatever you like.
You may be prompted to create a password. This is the password for your private key.

These commands will generate 3 files:

  • dev.site.cer (certificate)
  • dev.site.pvk (private key)
  • dev.site.pfx (certificate containing private key)

Wildcard Certificate

You can create a wildcard certificate by prepending “*” (asterisk) to the certificate name, for example:

C:\DevCert> makecert.exe -iv dev.root.pvk -ic dev.root.cer -n "CN=*.dev.site" -pe -sv w.dev.site.pvk -a sha1 -len 2048 -b 01/01/2014 -e 12/31/2200 -sky exchange w.dev.site.cer -eku 1.3.6.1.5.5.7.3.1

Installation

In the Certificates snap-in of the Management Console (mmc):

  • The root CA certificate, “dev.root.cer”, must be imported into the “Trusted Root Certification Authorities” folder.
  • The regular (or wildcard) certificate, “dev.site.pfx”, must be imported into the “Personal” folder.

SSL / TLS Usage

To use a certificate as an SSL certificate, its CN must match the host name of the site. For example, if the site has the host name “dev.site”, the certificate’s CN must also be “dev.site”.

To use a wildcard certificate as the SSL certificate for multiple sites on the same IP address, it must have a valid wildcard host name (e.g., *.dev.site). With this approach, each site using the wildcard certificate must have a different host name (e.g., blog.dev.site and news.dev.site).
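
The installation and host-name rules above can be checked from PowerShell once the .pfx has been imported. This is an added example, not part of the original post: Test-HostMatch and Test-DevCert are hypothetical helper names, and it assumes the certificate sits in the Computer Account “Personal” store and was issued by CN=dev.root as created above.

```powershell
# Added example, not from the original post. Test-HostMatch and Test-DevCert are
# hypothetical helper names; CN=dev.root and the host names are the post's own.
function Test-HostMatch {
    param([string]$Pattern, [string]$HostName)
    $p = $Pattern.ToLowerInvariant(); $h = $HostName.ToLowerInvariant()
    if ($p -eq $h) { return $true }
    if (-not $p.StartsWith('*.')) { return $false }
    # A wildcard stands for exactly one left-most label: *.dev.site matches
    # blog.dev.site, but neither dev.site nor a.blog.dev.site.
    $suffix = $p.Substring(1)                       # ".dev.site"
    if (-not $h.EndsWith($suffix)) { return $false }
    $label = $h.Substring(0, $h.Length - $suffix.Length)
    return ($label.Length -gt 0 -and -not $label.Contains('.'))
}

function Test-DevCert {
    param([string]$HostName, [string]$RootSubject = 'CN=dev.root')
    $serverAuth = '1.3.6.1.5.5.7.3.1'   # the -eku value passed to makecert
    # "Personal" folder of the Computer Account, matched on the certificate CN
    $certs = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        Test-HostMatch ($_.GetNameInfo('SimpleName', $false)) $HostName
    }
    foreach ($cert in $certs) {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'   # the dev root publishes no CRL
        $trusted = $chain.Build($cert)
        $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
        $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        [pscustomobject]@{
            Subject       = $cert.Subject
            HasPrivateKey = $cert.HasPrivateKey   # False: the .cer was imported, not the .pfx
            ChainTrusted  = $trusted              # False: dev.root.cer is not a trusted root
            IssuedByRoot  = ($top.Subject -eq $RootSubject)
            ServerAuthEku = ($eku.EnhancedKeyUsages.Value -contains $serverAuth)
            HasSan        = [bool]$san            # current browsers match on subjectAltName, not CN
            SignatureAlg  = $cert.SignatureAlgorithm.FriendlyName
            NotAfter      = $cert.NotAfter
        }
    }
}

# Host name taken from the wildcard example above
Test-DevCert -HostName 'blog.dev.site'
```

SignatureAlg reports sha1RSA for certificates made with -a sha1 as above; makecert also accepts sha256 for that option.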

 

Posted on August 13, 2014 in General

 
