Solving development problems  |  About this blog

This article describes how to create a SSL certificate using OpenSSL and how to setup a HTTPS connection on IIS 7.0 with the created certificate.

IIS7 can import .pfx certificates.
Avoid tutorials that say ‘-des3′ because DES3 is outdated (not secured as others), use RSA instead

Certificate creation using OpenSSL

Download OpenSSL application for Windows:
http://www.openssl.org/related/binaries.html

on Ubuntu:
> sudo apt-get install openssl

Generate a private key and certificate using the command:
> openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout cert.pem -out cert.pem
Country Name (2 letter code) [AU]:SI
State or Province Name (full name) [Some-State]:Slovenia
Locality Name (eg, city) []:Ljubljana
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Avivo d.o.o.
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:example.com
Email Address []:info@example.com

Convert to PKCS#12 (.pfx)
> openssl pkcs12 -export -out cert.pfx -in cert.pem -name “Certificate Friendly Name”

You may have to enter a password several times for private key and generated certificate.
cert.pfx file is created when the procedure is successfully completed.

Also be aware to enter domain name under ‘Common Name’

Set-up HTTPS on IIS
Open IIS Manager (Start -> Run -> inetmgr). Click on the root tree node on the left side and select ‘Server Certificates’ on the right side.

When you click on ‘Server Certificates’ you can see  on the far right side. ‘ under ‘Actions’  ‘Import…’ Click on it.

Browse for the generated ‘your_cert.pfx’ file from previous step. Enter the password and click OK.

Certificate now appears on the list.

Back to the IIS tree, right click on a web site and select ‘Edit Bindings…’

Click on ‘Add…’ -> Type = https and choose SSL certificate to your certificate

How to fix IIS problem with multiple certificates

Problem:

On IIS 7 that you can not create more than one HTTPS binding, even though you have more then one SSL certificate and you need HTTPS binding on different hosted websites. If you have one IP address you can bind only one SSL to chosen website. This small application can fix this.

Solution:

Download our mini utility from Codeplex: http://iishttpsbinder.codeplex.com/

How to use:

References:
http://forums.iis.net/t/1117559.aspx
https://www.iis.net/ConfigReference/system.applicationHost/sites/site/bindings

Sometimes you need to link folder that is outside your web folder and this outside folder should “pretend” as it is local web folder.

This is what works for Windows 2008 Server….

There are two ways to do this:

1. From IIS management studio you can do right mouse click on your website and then choose Add Virtual Directory
   

   Problem with this approach that you can only read files from linked folder and you can not delete them

2. Alternative approach is to use mklink function and to link wished folder. Position yourself in the webroot of your website, open Command Prompt and type:

   
   mklink /D “YourLinkedFolderName” “Physical full path to real folder”

   Here is full syntax:

   mklink [[/D] | [/H] | [/J]] link target

   • /D – Creates a directory symbolic link. Default is a file symbolic link.
   • /H – Creates a hard link instead of a symbolic link.
   • /J – Creates a Directory Junction.
   • link – Specifies the new symbolic link name.
   • target – Specifies the path (relative or absolute) that the new link refers to.

   

Comparison: ASP .NET WebForms vs MVC