Create A Self-Signed SSL Certificate Using IIS 7

If you are a .NET developer that creates IIS or self-hosted WCF services, then you will probably have the need at some point to secure the transport with a SSL certificate if using a http binding type. If you have a WCF service hosted by IIS, applying a SSL certificate is a bit more trivial because the endpoint configuration does not dictate the URL. The virtual directory in IIS will create the URL for your endpoint. However, if you are hosting your WCF service in a Windows Service, you dictate the endpoint and applying the SSL certificate is a little more involved. Because of this you may want to create a self-signed SSL certificate while still in development to ensure that your 'https' endpoint works correctly. With IIS websites, legacy .asmx services, or WCF hosted services, applying a SSL certificate happens after the fact via IIS and the initial testing with a SSL certificate may not even be desired. Regardless of your situation, the following tutorial shown you a simple procedure to create a self-signed certificate on your local machine.

So what is a self-signed SSL certificate you may ask. A 'CA' or Certificate Authority is a trusted provided to generate a SSL certificate. Your local machine is a CA, but unfortunately and as expected the CA on your machine is not trusted (as should be) by any outside party, so any SSL certificate generated locally is good and trusted just there: locally! To get a SSL certificate generated by a trusted CA, you need to go to a commercial provider like 'GoDaddy' or 'Verisign' and purchase a SSL certificate. These Certificate Authorities are trusted on the internet and are able to provide SSL certificates with a set expiration time (i.e. 2 years out). Once applied, you can view the SSL certificate information of a secure site by pressing the secure lock icon in most browsers next to the URL, and will see who issued the SSL certificate, its expiration, and other public details like the public key.

If you happen to be on an Active Directory domain doing 'intranet' or internal software development, you may have a CA on the domain that will issue certificates which will be trusted within the domain. This is the way to go so one does not have to buy a GoDaddy or Verisign SSL certificate for every internal WCF service or hosted ASP.NET site. Check with your server folks (unless that's you!) to see if there is a CA that issues SSL certificates trusted by all on the domain.

If you don't have IIS7, generating a SSL certificate is still possible. You just do the similar steps under the 'Directory Security' tab in IIS for a given site. Using IIS to create the certificate does not mean we have to host our service in IIS. It just has a convenient 'wizard' style interface to generate certificates and place them in the proper 'stores'. You can manually decide which stores your certificate is placed in and trusted by using the Certificate Manager MMC snap-in. That is really off topic for this post, but good to see how local and purchased certificates are managed. The snap-in is not under the administrator tools by default so look to the following link if interested in adding or accessing this MMC utility:

How to Add Certificate Manager to Microsoft Management Console

To begin a new certificate request, open IIS7 and click on the root element which is your machine or server node. Locate the 'Server Certificates' icon and double click it:

On the right-hand side of the screen select the 'Create Self-Signed Certificate' link which will display the following dialog:

This is the important part which is dictating the friendly-name of your certificate. For local WCF development you really have (2) choices: name the certificate 'localhost' or the name of your machine. I recommend the name of your machine as it is more explicit. So in the example below my machine name is 'DevMachine1234'. The name is important for hosting WCF services and applying a SSL certificate to the exposed endpoint. If the SSL name does not match the domain of the hosted service it will not work. In the case of local development, name the certificate the same name as your machine.

After completing the request you will see the SSL certificate has been generated by the local machines CA, the friendly name, and the certificate hash.

The hash value will be important in the next post about applying this self-signed certificate to a port number that is dictated in the WCF configuration for a service hosted by a Windows Service. If you are applying the SSL certificate to a IIS hosted service or site, all you have to do is select it from the dropdown when configuring the 'https' binding in IIS7.

My New Computer: A Developers Dream

Well call me old school, but I still like a bangin' desktop for my main home PC. For the general user mostly not moving beyond the bounds of the web for computer use any machine from a laptop, netbook, tablet, or heck even a smart phone will suffice. However any serious users doing coding in .NET with VS.NET, video transfer + editing, gaming, photo editing, etc. you really need a *real* machine that can handle the load. Nothing more scalable and well built then a sweet looking mid-tower loaded with lots of horsepower.

Recently I began assembling my new main home PC and I love it! I have found that building a PC and maybe updating just memory, video card, or even CPU will last much, much longer than purchasing any kind of store bought machine. Case in point, the last PC I built was in the fall of 2003. It was a Socket 478 Asus Motherboard mid-tower. It lasted me until I built this new machine just a few weeks ago. How? I upgraded from a Celeron to a P4 Extreme Edition, updated the RAM, updated the video card, and got almost 8 years out of it. Still a fantastic machine I gave to my brother-in-law because it still ran XP really well. Hopefully I get several years out of my new machine as well.

Because of this gap I never experimented with any RAID configuration, etc to increase the PCs main bottleneck: the magnetic disk hard drive. With my new build I wanted all of the best but yet still be on a budget. I was determined to use a Solid State Drive (SSD) for the primary OS drive, and a decent HDD for the additional space needs. Once I caught wind of the new Intel i7 'Sandy Bridge' line of processors, I knew it was time to build. Not only are the Sandy Bridge Generation 2 i7 processors about 1/2 the cost of good Generation 1 i7 processors, they are faster too.

My budget was to be around $1000-$1200. The hands-down best place anywhere to get good deals on computer hardware is http://www.newegg.com Between their 'Shell-Shocker' deals, coupon codes, sales, and overall low prices, I was able to build my new machine for under $1200. I am not including the OS because that is a given. My build was using Windows 7 64-bit Ultimate. So let's get to the parts ->>

LIAN LI Lancool PC-K63 Black Steel ATX Mid Tower Computer Case - Cost $99 via 'Shell-Shocker' deal. The case is fantastic! There really are no screws, everything snaps into place. Cable management is routed through guides so there isn't a big mess. There are several blue LED fans which make the case stand out too.

ASUS P8P67 (REV 3.0) LGA 1155 Intel P67 SATA 6Gb/s USB 3.0 ATX Intel Motherboard - Cost $154 with coupon code. I love Asus motherboards. There is so much configurability and expansion. This is the entry level P8P67 ATX board, but since I am not doing dual graphics cards needing SLI support, this board works great for me.

KINGWIN Lazer LZ-1000 1000W Modular 80 PLUS BRONZE Certified Active PFC W/ 3-Way LED Switch and Universal Modular Connector Power Supply - Cost $119 via 'Shell-Shocker' deal. 1000 watts, enough said? Bronze certified, modular connections, and a blue LED fan to match the case. Perfect choice for me.

Intel Core i7-2600 Sandy Bridge 3.4GHz (3.8GHz Turbo Boost) 4 x 256KB L2 Cache 8MB L3 Cache LGA 1155 95W Quad-Core Desktop Processor BX80623I7260 - Cost $285 with coupon code. This i7 CPU as of this post is about the fastest CPU on the market right now. Combine this with a SSD, and Windows 7 64-bit and you will get some BLAZING fast speeds.

Kingston SSDNow V+ Series SNVP325-S2B/128GB 2.5" 128GB SATA II MLC Internal Solid State Drive (SSD) - Cost $165 after mail-in rebate. This is the 1st SSD I have ever owned and it is about the best PC component purchase I have ever made. It is only SATA II and the speed is amazing. These deals are going to make magnetic drives obsolete in a few years once the price comes down a bit more.

Western Digital Caviar Black WD7502AAEX 750GB 7200 RPM 64MB Cache SATA 6.0Gb/s 3.5" Internal Hard Drive -Bare Drive - Cost $59 after coupon code. The 'Black Caviar' Wester Digital drives have the best warranty in class at (3) years, and are the most durable of the green,blue,black line of drives. SATA III 6Gb/s this drive is super fast for a traditional HDD. I just hope WD gets going with SSDs so they don;t end up like Blockbuster video wondering what happened with NetFlix.

SAPPHIRE 100297L Radeon HD 5830 1GB 256-bit GDDR5 PCI Express 2.1 x16 HDCP Ready CrossFireX Support Video Card w/ ATI Eyefinity Technology - Cost $139 after coupon code. This has already come down further in price since I bought it (big surprise right?) but it is a solid, well preforming, 256-bit GDDR5 board that will handle a plethora of modern day gaming and video needs.

CORSAIR XMS 8GB (2 x 4GB) 240-Pin DDR3 SDRAM DDR3 1600 (PC3 12800) Desktop Memory Model CMX8GX3M2A1600C9 - Cost $75 after mail-in rebate. Fast, compatible, easy installation. I don;t get too much into memory overclocking so this memory is working fine for me. Honestly in all of the memory research I did, I really started to wonder if the whole 'heat-sink' super duper memory x2 in price for same speed had negligible performance gains and was probably a gimmick. I say get what's compatible and as much as you can.

Sony Optiarc CD/DVD Burner 24X DVD+R 8X DVD+RW 12X DVD+R DL 24X DVD-R 6X DVD-RW 16X DVD-ROM 48X CD-R 32X CD-RW 48X CD-ROM Black SATA Model AD-7261S-0B LightScribe Support - Cost $24 after coupon code. Fast, quiet, Sony brand, LightScribe. If you have never used LightScribe I recommend getting it. Turn over the DVD or CD after burning a LightScribe disk and burn some really cool text or images to the disk. It's been around for years but not too many know about using it.

Arctic Silver 5 Thermal Compound - OEM - Cost $7 after coupon code. Get some as it is a good idea when installing the CPU to transfer heat best.

Logitech 920-000914 Black 106 Normal Keys USB Wired Ultra-thin Illuminated Keyboard - Cost $45 Refurbished (eBay purchase). This was the only product I did not buy from NewEgg; I got it on eBay for about 2/3 the cost. The Refurbished product was in perfect condition, and I am using it right now! An illuminated keyboard is a purchase I am wondering why I didn;t have about 5-10 years ago. I really like it a lot.

Total cost: $1171. Now some pictures:

Well how is the overall performance when benchmarked? Well I don;t have any fancy tools, but using Windows 7's 'Windows Experience Index' the machine scored a 7.0 on a possible 7.9 scale:

The end result? Windows 7 64-bit installed in 12 minutes, the machine boots to desktop ready for use in about 15 seconds, and shut down time is about 4 seconds. Opening applications like VS.NET 2010? Almost instant. AWESOME! Hope this machine lasts me 8 years like my last one, to get everything out of it. I think every developer should have a machine like this. If you get a chance to build one similar, I highly recommend it.