Creating a Self-Signed Certificate in IIS6

I apologize in advance to my non-techie readers. This post will be very geeky in content.

Sometimes all you want is a secured connection. If the application you are securing is only accessible internally, then there is no need to for an outside certificate authority (such as Verisign or Thawte).

The process is actually quite easy. In IIS 7, the task is simple; in IIS 6, not so much. The problem is finding instructions on the process.

Eventually, I found some great instructions at MSExchange.org. Henrik Walther does an excellent job of walking through the process. It is complete with screenshots a-plenty.

Even with these great instructions, I still ended up having to do it three times before I got it right. The problem was in "Submit[ting] a Certificate Request or Renewal Request". I missed one little thing. After you paste the request text, you have to choose a "Certificate Template". The default is "Administrator", which does not include the "Server Authentication (1.3.6.1.5.5.7.3.1)" attribute. Without this, you can send secure email, but not SSL access to your Web application.

It was very ugly.

However, making sure you choose "Web Server" as your Certificate Template works like a dream.

So, I extend special kudos to Henrik for posting such good content. Our APRS users will never know the favor you did for them.