Generate custom, self-signed, long-expiry certificates on Windows

by Ed Sparks

We recently were introduced to a great utility that a Microsoft IIS Team employee maintains called SelfSSL7.   This is an upgraded version of the old SelfSSL tool that used to ship as part of the IIS Resource Kit.

Self-signed certificates have a myriad of useful purposes for internal uses in testing and staging environment, but are an awful pain to deal with using the (almost completely lacking) internal tools. 

SelfSSL7 to the rescue! 

Thomas has all the details at his blog below, but in a nutshell you simply download the tool, unzip and run from a command line.

For example, to create a self-signed certificate for a web server with a 5 year expiry and automatically export the whole thing to a PFX file for safe keeping, all while adding it to the local computer store and binding it to an IIS site automatically - simply execute the following at an elevated command prompt:

selfssl7 /k 2048 /v 1825 /x /f c:\SelfSSL7\my-5-year-cert.pfx /i

There is no step 2!

Such a time saver!