Share via


Internet Information Service (IIS) Server Certificate Installation Instructions

To run the samples that securely communicate with Internet Information Services (IIS), you must create and install a server certificate.

Creating Certificates

To create a certificate for your machine, run the Setup.bat that is included in each of the samples that use secure communication with IIS. Ensure that the path includes the folder that contains Makecert.exe before you run this batch file. The command used to create the certificate in Setup.bat is:

makecert -sr LocalMachine -ss My -n CN=ServiceModelSamples-HTTPS-Server -sky exchange -sk ServiceModelSamples-HTTPS-Key

Installing Certificates

The steps required to install the certificates you just created depend on which version of IIS you are using.

To install IIS on IIS 5.1 (Windows XP) and IIS 6.0 (Windows Server 2003)

  1. Open the Internet Information Services Manager MMC Snap-In.

  2. Right-click the default Web site and select Properties.

  3. Select the Directory Security tab.

  4. Click the Server Certificate button. The Web Server Certificate Wizard starts.

  5. Complete the wizard. Select the option to assign a certificate. Select the ServiceModelSamples-HTTPS-Server certificate from the list of certificates that are displayed.

  6. Test access to the service in a browser by using the HTTPS address https://localhost/servicemodelsamples/service.svc.

If SSL was previously configured by using Httpcfg.exe

  1. Use Makecert.exe (or run Setup.bat) to create the server certificate.

  2. Run the IIS manager and install the certificate according to the previous steps.

  3. Add the following line of code to the client program.

Note Note:

This code is only required for test certificates such as those created by Makecert.exe. It is not recommended for production code.

PermissiveCertificatePolicy.Enact("CN=ServiceModelSamples-HTTPS-Server");

To install IIS on IIS 7.0 (Windows Vista)

  1. Open the Internet Information Services Manager MMC Snap-In.

  2. Right-click the Default Web Site and select Edit Bindings…

  3. Click the Add button of the Web Site Bindings dialog box.

  4. Select HTTPS from the Type drop-down list.

  5. Select the ServiceModelSamples-HTTPS-Server from the SSL certificate drop-down list and click OK.

  6. Test access to the service in a browser by using the HTTPS address https://localhost/servicemodelsamples/service.svc.

NoteNote:

Because the test certificate you have just installed is not a trusted certificate, you may encounter additional Internet Explorer security warnings when browsing to local Web addresses secured with this certificate.

Removing Certificates

  • Use the Internet Information Service Manager as previously directed, but remove the certificate / binding instead of adding it.

  • Remove the machine certificate by using the following command:

    httpcfg delete ssl -i 0.0.0.0:443
    

Footer image

Send comments about this topic to Microsoft.
© Microsoft Corporation. All rights reserved.