Creating a Certificate in IIS

This topic describes the procedure for creating a certificate in Windows.

Certificates can be created, but the server must trust them before they can be used for authentication. This topic describes the procedure for creating a sample certificate with the IP address as a Subject Alternative Name so that it works with Event handling.

  1. Install OpenSSL. For information on installing OpenSSL, refer to http://www.slproweb.com/products/Win32OpenSSL.html.
  2. The Event service uses the IP address as an alternate domain to receive events from the server. Therefore, if the application you are developing uses the Event service, you must specify both the machine name and the IP address as subject alternative names. To do this, open the openssl.cfg file in the <OpenSSL installation folder>/bin folder and add the following line below [ v3_req ]:
    subjectAltName=DNS: machineName,DNS: ipAddressOfMachine
    
    For example:
    subjectAltName=DNS: computer1 , DNS: 10.192.178.32
    
    The certificate request generated will now have the extra attribute subjectAltName with the given values.
  3. To request a server certificate, navigate to the <OpenSSL installation folder>/bin folder in the command prompt and type the following:
    openssl req -config openssl.cfg -new -out <server certificate name>.csr -reqexts v3_req
    
    The above step generates the certificate request file. Send this .csr file to a Certificate Authority to get the certificate. After the certificate is issued, open the certificate and go to the Details tab to ensure that the Subject Alternative Name attribute contains the values that you gave in the openssl.cfg file.
    Note: To verify whether the subject alternative name was added to the certificate request, use the following command:
    openssl req -in <server certificate name>.csr -config openssl.cfg -text
    
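  4. To create a private key file for the certificate, navigate to the <OpenSSL installation folder>/bin folder in the command prompt and type the following:
    openssl rsa -in privkey.pem -out <server certificate name>.key
    Note: Because no cipher option is given, this command writes the key without passphrase protection. Restrict access to the resulting .key file.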
    
  5. To get the key in p12 format, type the following command on a single line:
    openssl pkcs12 -export -in <server certificate name>.cer -inkey <server certificate name>.key -out privatekey.p12
    

The server certificate request is now created.
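
The check from the note in step 3 can be scripted. The following Python sketch is an added example, not part of the original procedure: it parses the text printed by `openssl req -in <server certificate name>.csr -text` and reports which of the names from step 2 are missing from the request, for instance when `-reqexts v3_req` was left out. The sample output and the function names `parse_san` and `missing_names` are constructed for illustration.

```python
# Constructed sample: the relevant part of `openssl req -in <name>.csr -text`
# output for the page's example values (not captured from a real request).
SAMPLE_CSR_TEXT = """\
Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: CN = computer1
        Attributes:
        Requested Extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Alternative Name:
                DNS:computer1, DNS:10.192.178.32
    Signature Algorithm: sha256WithRSAEncryption
"""


def parse_san(text):
    """Return SAN entries as (type, value) pairs, or [] if the extension is absent."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if "X509v3 Subject Alternative Name" in line and i + 1 < len(lines):
            entries = []
            # The entries are printed comma-separated on the line after the header.
            for item in lines[i + 1].split(","):
                kind, _, value = item.strip().partition(":")
                entries.append((kind.strip(), value.strip()))
            return entries
    return []


def missing_names(text, machine_name, ip_address):
    """Return the names from step 2 that the request does not carry (case-insensitive)."""
    present = {value.lower() for _, value in parse_san(text)}
    return [n for n in (machine_name, ip_address) if n.lower() not in present]


if __name__ == "__main__":
    gaps = missing_names(SAMPLE_CSR_TEXT, "computer1", "10.192.178.32")
    print("SAN OK" if not gaps else "Missing from SAN: " + ", ".join(gaps))
```

To check a real request, save the output of the step 3 verification command to a file and pass its contents to `missing_names` in place of the constructed sample.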