Creating Self-Signed certificates for development in 5 easy steps!

IntraWeb comes with our own tool to create, install and manage SSL Certificates for development (self-signed certificates as shown here) or even for production (requesting Let’s Encrypt certificates). You don’t need any other tool, no script, batch or command line tools. IntraWeb Certificate Manager is the only tool that you need. 

Create and install a self-signed certificate in less than 2 minutes and ZERO cryptic command lines:

1- Locate and run IWCertificateManager inside your IntraWeb install folder, under subfolder Tools\CertificateManager.

2- Click on the link Generate Self-Signed Certificate. You will see a page like the one below. Fill all fields (except State which is optional). Click on Execute.

IWCertificateManger will create a bunch of files inside the specified folder. Here are they:

Cert.pem and PrivateKey.pem are the certificate and the private key in PEM format. We will use both files ahead. The other files are not important right now and we will get back to them in another post. In case you are using SA application based on Indy, you can stop right here. The Cert.pem and Key.pem files are all you need to start using Https in SA/Indy.

3- Select  “Convert PEM Certificates to PCKS12” (see picture below). This step will take your Cert.pem and PrivateKey.pem files + a password and create a new file which combines them all. This new file is the certificate in PCKS12 format. This is the file format that you must have in order to install on Windows (for IIS and also Http.sys).

Click on Execute. A new file will be created in the same folder. Here is it:

PKCS12 certificate files usually have the extension .PFX. The PFX file is basically = Certificate + Private Key + a password

4- Now you will install the certificate. Click on “Install Certificate”. IWCertificateManager will prompt you with a file open dialog. You must select the file Cert.pfx created in previous step. After selecting it, you will also be prompted for a password. Inform the same password used when generating the PFX file above.

If the file and password are correct, the certificate will be installed successfully:

5- Now the final step. After installing the certificate you must link (i.e. bind) the certificate and the address. You will be basically instructing Windows to use a certain certificate when receiving requests targeted to specific URLs (or IPs). Click on “Add Binding” link.

Then you will inform the IP Address (or host name, for development, IP address is easier in general), the port number and the Certificate. Click on the button “Certificate Thumbprint” and select the certificate that you have just installed (please notice that there is a link on that dialog where you can read “more choices”). Select the certificate and click on OK button. Click on the button “Application ID” so it will generate a new one for you.

Now click on button “Add”. You will receive a message saying that the binding was added. Now click on SSL Bindings link so you can see your newly added binding:

Your certificate is installed and READY to be used with your IntraWeb Http.sys application in your development environment (and also ISAPI, installed under IIS). Self-Signed certificates are not trusted by browsers so they can’t be deployed in production servers, used by the end-users of your application. But they are good enough for development and internal testing.

Please notice that I’m using a fake domain “iwtest.com”. In order to redirect all requests to iwtest.com to my application installed on my local machine, I need to edit the Windows hosts file. The hosts file can be found in C:\<Windows dir>\System32\drivers\etc\hosts 

Some AntiVirus software block write access to the hosts file. The easiest way is to copy it to another folder, edit it, and then copy it back to the original folder, replacing the original one.

Here is how I did it:

Now, I can use my browser, type “iwtest.com” and all requests will be redirected to my application installed on my local machine.

Enjoy!

Please remember to always download the latest IWCertificateManager here.

IWCertificateManager is a 100% FREE tool from Atozed.