How to use makecert.exe to create a self-signed test certificate that can be used with IIS SSL

How to use makecert.exe to create a self-signed test certificate that can be used with IIS for SSL

Problem: Special options must be specified with makecert.exe, to create a self-signed certificate that can be used with IIS (Microsoft Internet Information Server).

Note: Microsoft recommends to install and use the 'Certificate Server' to generate an SSL test certificate (Q216907), instead of using makecert.exe. But using makecert is simpler.

Solution:

The following command can be used to create and import a self-signed SSL test certificate:

makecert -r -pe -n 'CN=www.yourserver.com' -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp 'Microsoft RSA SChannel Cryptographic Provider' -sy 12

To install this certificate in IIS 5.0, open the IIS 'Web Site Properties', 'Directory Security', 'Server Certificate...', 'Assign an existing certificate' and select the new certificate from the list.