From: David Jackson on
Hello,

I'm in the process of moving my development environment to Windows 7
Professional Edition. No problems so far with Visual Studio 2008
Professional edition, SQL Server 2008 Developer edition etc.

I'm wondering what the best solution is for installing an SSL certificate on
this machine so that I can develop and test secure sites. On my previous
machine I used SelfSSL from within the Windows Server Resource Kit and that
worked fine. Is that still the recommended solution for Windows 7 / IIS 7.5?

Thank you in advance.

David

From: Mark Rae [MVP] on
"David Jackson" <someone(a)somewhere.com> wrote in message
news:O1pnSGTwKHA.4492(a)TK2MSFTNGP05.phx.gbl...

> I'm in the process of moving my development environment to Windows 7
> Professional Edition. No problems so far with Visual Studio 2008
> Professional edition, SQL Server 2008 Developer edition etc.
>
> I'm wondering what the best solution is for installing an SSL certificate
> on this machine so that I can develop and test secure sites. On my
> previous machine I used SelfSSL from within the Windows Server Resource
> Kit and that worked fine. Is that still the recommended solution for
> Windows 7 / IIS 7.5?

Best solution? Impossible to say. You can use makecert.exe which comes with
the Visual Studio SDK, but that requires a lot more configuration than
SelfSSL.

However, I'm happy to report that SelfSSL works perfectly in IIS7, including
64-bit. The only proviso is that you need to make sure that the "IIS
Metabase and IIS 6 configuration compatibility" option is installed under
Control Panel\Programs\Turn Windows features on and off\Internet Information
Services\Web Management Tools\IIS 6 Management Compatibility\

If you're using IE8, you'll get the expected prompt asking you to lower the
browser's security a little bit for the local intranet zone - no harm in
doing that, on the assumption that the machine is protected either by a
local firewall and anti-malware software or behind a network firewall etc...

Since you've used SelfSSL in the past, I won't bore you with the syntax
other to say go for the defaults in everything apart from the certificate's
expiry date, otherwise you'll have to repeat the process every seven days...

Once you've used SelfSSL to create and install the certificate, you can view
it in the IIS management console. Select the local machine (not any of the
sites underneath it) and double-click "Server certificates" in the IIS
section. Double-click it, and then select the "Certification Path" tab,
where it should say "This certificate is OK" in the Certificate Status box.
Assuming it does, all is well.


--
Mark Rae
ASP.NET MVP
http://www.markrae.net