Do we have recommendations how to easily create a self-signed SSL/TLS certificate? The latter is required to switch a DMA from HTTP to HTTPS?
Thomas Gunkel [SLC] [DevOps Enabler] Answered question 8th February 2023
Thanks to Laurens Moutton for providing the following instructions how to create a self-signed certificate with Powershell:
PS C:\Windows\system32> $cert = New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname 10.90.232.70 [replace IP with DMA IP-address]
PS C:\Windows\system32> $pwd = ConvertTo-SecureString -String ‘selfchosenpassword’ -Force -AsPlainText
PS C:\Windows\system32> $path = 'cert:\localMachine\my\' + $cert.thumbprint
PS C:\Windows\system32> Export-PfxCertificate -cert $path -FilePath c:\Temp\certip.pfx -Password $pwd
- Double click on certip.pfx and add it to the trusted root certificate store.
- In IIS Manager
- Click on server name and then on Server certificates.
- Click on Import and browse to certip.pfx and add it to the personal store
- Right click on default website and select bindings. Then for 443 link this to the certificate.
- Note: passwords that are requested is the same used in the command in $pwd
Thomas Gunkel [SLC] [DevOps Enabler] Answered question 8th February 2023
Hi Thomas,
While it’s not an answer to your question, instead of working with a self-signed certificate, it’s better to work with a real TLS certificate that you obtain through a Certificate Authority.
*A self-signed certificate will be flagged as insecure by your computer by default and needs to be installed on all client machines.