How to create a self-signed wildcard SSL certificate for IIS 6?

Question

I'm trying to create a self-signed wildcard SSL certificate for use on a number of development and test servers running IIS 6. Following various guides has led to a couple ways of generating the certificates, but I haven't had any luck getting it to work. The most successful ways I've had were following this OpenSSL guide and using makecert.exe like so:

makecert.exe -r -b 01/01/2009 -e 01/01/2042 -sr LocalMachine -ss MY -a sha1 -n CN="*.example.com" -sky exchange -pe -eku 1.3.6.1.5.5.7.3.1 -sy 12 -sp "Microsoft RSA SChannel Cryptographic Provider" wildcard.cer

 

Both of which generate certificates that IIS 6 will accept, but when I actually try to view the site I get the following error in firefox:

Data Transfer Interrupted

The connection to dev.example.com was interrupted while the page was loading.

IE just gives:

Internet Explorer cannot display the webpage

Most likely causes:

• You are not connected to the Internet.
• The website is encountering problems.
• There might be a typing error in the address.

This error happens whether I try to access it by domain name, machine name, localhost, local ip, or loopback ip.

So...how can I create a self-signed wildcard cert that IIS 6 will work with? Or how can I fix the problems I'm experiencing with the ones I've already created?

Answer 1

You can use the IIS 6 Resource Kit provided by MS, an command line app called SelfSSL. It can generate the SSL key and import it into your IIS installation.

IIS 6 Resource Kit

Answer 2

you can do a wildcard certificate with *.domain.local and multiple ssl protocols by using the c:\inetpub\adminscripts adsutil.vbs set w3svc[siteid]\SecureBindings ":443:name.domain.local"