Internet Information Service (IIS) Server Certificate Installation Instructions
To run the samples that securely communicate with Internet Information Services (IIS), you must create and install a server certificate.
Creating Certificates
To create a certificate for your machine, run the Setup.bat that is included in each of the samples that use secure communication with IIS. Ensure that the path includes the folder that contains Makecert.exe before you run this batch file. The command used to create the certificate in Setup.bat is:
makecert -sr LocalMachine -ss My -n CN=ServiceModelSamples-HTTPS-Server -sky exchange -sk ServiceModelSamples-HTTPS-Key
Installing Certificates
The steps required to install the certificates you just created depend on which version of IIS you are using.
To install IIS on IIS 5.1 (Windows XP) and IIS 6.0 (Windows Server 2003)
Open the Internet Information Services Manager MMC Snap-In.
Right-click the default Web site and select Properties.
Select the Directory Security tab.
Click the Server Certificate button. The Web Server Certificate Wizard starts.
Complete the wizard. Select the option to assign a certificate. Select the ServiceModelSamples-HTTPS-Server certificate from the list of certificates that are displayed.
Test access to the service in a browser by using the HTTPS address https://localhost/servicemodelsamples/service.svc.
If SSL was previously configured by using Httpcfg.exe
Use Makecert.exe (or run Setup.bat) to create the server certificate.
Run the IIS manager and install the certificate according to the previous steps.
Add the following line of code to the client program.
Note: |
---|
This code is only required for test certificates such as those created by Makecert.exe. It is not recommended for production code. |
PermissiveCertificatePolicy.Enact("CN=ServiceModelSamples-HTTPS-Server");
To install IIS on IIS 7.0 (Windows Vista)
Open the Internet Information Services Manager MMC Snap-In.
Right-click the Default Web Site and select Edit Bindings…
Click the Add button of the Web Site Bindings dialog box.
Select HTTPS from the Type drop-down list.
Select the ServiceModelSamples-HTTPS-Server from the SSL certificate drop-down list and click OK.
Test access to the service in a browser by using the HTTPS address https://localhost/servicemodelsamples/service.svc.
Note: |
---|
Because the test certificate you have just installed is not a trusted certificate, you may encounter additional Internet Explorer security warnings when browsing to local Web addresses secured with this certificate. |
Removing Certificates
Use the Internet Information Service Manager as previously directed, but remove the certificate / binding instead of adding it.
Remove the machine certificate by using the following command:
httpcfg delete ssl -i 0.0.0.0:443
Send comments about this topic to Microsoft.
© Microsoft Corporation. All rights reserved.