IIS HTTPS configuration for Team development

This post a collection of information which I found all over the internet. I’m posting it as a reference for myself. I need to set up a development environment where a team of developers can develop multiple projects which use and test Web applications using HTTPS.

Step 1: Create a root cert. This will be used to share in the team.

Here is a cmd file which creates a root cert for a parameter

Using makecert and pvk2pfx:

set PATH="C:\Program Files (x86)\Windows Kits\8.1\bin\x64\"

makecert.exe -r -n "CN=%1" -pe -sv %1.pvk -a sha1 -len 2048 -b 01/01/2014 -e 01/21/2030 -cy authority %1.cer
pvk2pfx.exe -pvk %1.pvk -spc %1.cer -pfx %1.pfx

Or using openssl:

set PATH="C:\Program Files (x86)\Git\bin\"

openssl genrsa -des3 -out %1.key 4096
openssl req -new -x509 -days 365 -key %1.key -out %1.crt

This cmd can be used as follows:

createRootCert.cmd TeamDevelopmentRoot

Step 2: Create a project cert.
Now that the root cert is created, each project requires its own cert. It is very IMPORTANT that the cert name matches the project IIS URL!

Using makecert and pvk2pfx:

set PATH="C:\Program Files (x86)\Windows Kits\8.1\bin\x64\"

makecert.exe -iv %2.pvk -ic %2.cer -n "CN=%1" -pe -sv %1.pvk -a sha1 -len 2048 -b 01/21/2010 -e 01/21/2020 -sky exchange %1.cer -eku
pvk2pfx.exe -pvk %1.pvk -spc %1.cer -pfx %1.pfx

Or using openssl:

set PATH="C:\Program Files (x86)\Git\bin\"

openssl genrsa -des3 -out %1.key 4096
openssl req -new -key %1.key -out %1.csr
openssl x509 -req -days 365 -in %1.csr -CA %2.crt -CAkey %2.key -set_serial 01 -out %1.crt
openssl pkcs12 -export -out %1.pfx -inkey %1.key -in %1.crt

This can be used like this:

createProjectCertFromRoot.cmd webprojectx TeamDevelopmentRoot

Step 3: Now add the certs to the operating system.

Open mmc and File/Add remove snap-ins, choose Certificates


Choose Computer account


In Trusted Root Certication Authorities/Certificates, right click and select All Tasks/ Import…


Choose the TeamDevelopmentRoot.cer file and add


Now select Personal/Certificates, right click and Import…


This time select the webprojectx.pfx file. NOTE: It is important to choose the pfx file!!!


Double click on this file and check that the certificate is OK.


Step 4: Use the certs in IIS:

Open the IIS and create a Website. The Host name must match the cert.


In the application pool, make certain your using an account with the proper rights, for example LocalService. Also check that the IIS_IUSR group have access to the file system.

Step 5: Map your host to in the hosts file. (C:/Windows/System32/drivers/etc)
Add the following: webprojectx

Now you can test it in the Browser:
And add it to your trusted sites:


Now that it works, you can share the certs with your team and develop together using HTTPS. Every time you create a new project, you just require a single cert which inherits from the root cert to be added to the personal certs. This can be shared among the team as all have installed the root cert.

Next step: implement Authentication and Authorization .












One comment

  1. […] IIS HTTPS configuration for Team development […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: