Untrusted certificate on IIS using OpenSSL

2
votes

I'm using OpenSSL to avoid pay for it. In my server is runing IIS 8 and Windows Server 2012.

I created my certificate this way:

  1. Used IIS to create a certificate request

  2. Used the following command to create a RSA private key

    openssl genrsa -des3 -out cakey.pem 2048

  3. After that I used this command to generate a certificate

    openssl req -new -key cakey.pem -x509 -days 1825 -extensions v3_ca -out ca.crt

  4. Finally I signed the certificate request using this:

    openssl x509 -req -days 365 -in certreq.txt -CA ca.crt -CAkey cakey.pem -CAcreateserial -out iis.cer

But when I navigate to the website I get an "error" telling me that this is an "Untrusted certificate": The security certificate presented by this website was not issued by a trusted certificate authority.

2
iisopensslsecuritywindows-server-2012

2 Answers

3
votes

What you get from OpenSSL tool is a self signed certificate. Of course it is not trusted by any browser, as who can say you are worth the trust.

Please buy a certificate if you want to set up a public web site. That's something you must pay, just like the public domain name.

Instead, if you are hosting an internal web site for your company, there are ways to set up your own CA, such as using Microsoft Active Directory Certificate Services.

Updated in 2018: Today there are more options to get free certificates, such as Let's Encrypt. Check them out and make good use of them.

0
votes

Did you install your CA certificate into your browser before trying to visit the IIS server running the certificate you generated under the CA hierarchy? Here's some information about that step.