Click here to Skip to main content
13,289,653 members (58,803 online)
Click here to Skip to main content
Add your own
alternative version


191 bookmarked
Posted 3 May 2009

4 steps to create free SSL certificate for development

, 4 May 2009
Rate this:
Please Sign up or sign in to vote.
4 steps to create free SSL certificate for development

4 steps to create free SSL certificate for development

Introduction and Goal

Step 1 :- Locate makecert.exe

Step 2:- Create the certificate

Step 3 :- Assign the certificate to the site

Step 4:- Test the site

Step 5 :- Find a nice restaurant

SSL diagnostic tool

Introduction and Goal

There are times where we would like to have SSL enabled in our development environment. SSL certificates needs to be bought from places like Thawte, Verisign, GeoTrust etc. Typical cost of SSL certificate is shown below.



Setup Fee

Recurring Fee


Month 1





Every quarter





Once every 12 months





This means you also need to buy SSL certificate for your development server. This cost can double if you also setup of development and testing environment. So this article will save you 100$ atleast . Microsoft has provided ‘makecert.exe’ tool which helps us to create test certificates for our development environment.

Now a days I am distributing my 400 questions and answers eBook which covers major .NET related topics like WCF,WPF,WWF,Ajax,Core .NET,SQL Server,Architecture and lot lot more. I am sure you will enjoy this eBook.

Step 1 :- Locate makecert.exe

The first thing is to locate makecert.exe. You can get the same from “C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin” or you can also get it from windows SDK.

Let’s run through what is “makecert.exe” and the explanation of different parameters. I admit this section I have shamelessly copied from 

MakeCert (Makecert.exe) is a command-line tool that creates an X.509 certificate that is signed by a system test root key or by another specified key. The certificate binds a certificate name to the public part of the key pair. The certificate is saved to a file, a system certificate store, or both.

Below is a detail list of how to use make cert

MakeCert [/b DateStart] [/e DateEnd] [/m nMonths] [/n "Name"] [/pe] [/r] [/sc SubjectCertFile] [/sk SubjectKey] [/sr SubjectCertStoreLocation] [/ss SubjectCertStoreName] [/sv SubjectKeyFile] OutputFilePartial list of switches and arguments

/b DateStart
Specifies the start date when the certificate first becomes valid. The format of DateStart is

If the /b switch is not specified, the default start date is the date when the certificate is created.

/e DateEnd
Specifies the end date when the certificate’s validity period ends. The format of DateEnd is

If the /e switch is not specified, the default end date is 12/31/2039.

/m nMonths

Specifies the number of months starting from the start date during which the certificate will remain valid.

/n "Name"
Specifies a name for the certificate. This name must conform to the X.500 standard. The simplest method is to use the "CN=MyName" format.
If the /n switch is not specified, the default name of the certificate is "Joe's Software Emporium".

Configures MakeCert to make the private key that is associated with the certificate exportable.

Configures MakeCert to create a self-signed root certificate./sc SubjectCertFile
Specifies the subject's certificate file name along with the existing subject public key that is used.

/sk SubjectKey
Specifies the name of the subject's key container that holds the private key. If a key container does not exist, a new key container is created. If neither /sk nor /sv switch is entered, a default key container is created and used by default.

/sr SubjectCertStoreLocation
Specifies the registry location of the certificate store. The SubjectCertStoreLocation argument must be either of the following:
Specifies the registry location HKEY_CURRENT_USER.
Specifies the registry location HKEY_LOCAL_MACHINE.
If the /r switch is not specified along with the /s switch, currentUser is the default.

/ss SubjectCertStoreName
Specifies the name of the certificate store where the generated certificate is saved.

/sv SubjectKeyFile
Specifies the name of the subject's .pvk file that holds the private key. If neither /sk nor /sv switch is entered, a default key container is created and used by default.
The name of the file in which the generated certificate is saved.

Step 2:- Create the certificate

The second step is to create the certificate. You can type the below thing through your dos prompt on “C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin”. Please note “compaq-jzp37md0” is the server name so you need to replace with your PC name.

makecert -r -pe -n "CN= compaq-jzp37md0 " -b 01/01/2000 -e 01/01/2050 -eku -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12

If you run the same through your command prompt you should get a succeeded message as shown below.


Step 3 :- Assign the certificate to the site

Now it’s time to assign this certificate to your IIS website. So go to IIS properties , click on directory security tab and you should see server certificate tab.


So click on the server certificate tab and you will then be walked through a IIS certificate wizard. Click ‘Assign a existing certificate’ from the wizard.

You can see a list of certificates. The “compaq-jzp37md0” certificate is the one which we just created using ‘makecert.exe’.


Step 4:- Test the site

Now try to test the site without ‘https’ and you will get an error as shown below….That means your certificate is working.


Step 5 :- Find a nice restaurant

Now that you have saved 100$ find a nice restaurant to burn it… 

SSL diagnostic tool

There is a other easy way also using the SSL diagnostic tool. Download this tool from  and create new cert on the IIS application with just a click as shown below.

Image courtesy :-


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

You may also be interested in...


Comments and Discussions

GeneralThanks. Pin
zamkinos21-Jun-15 7:04
memberzamkinos21-Jun-15 7:04 
QuestionGreat information. but i have one question here . Pin
saravanakumart17-Feb-15 23:01
membersaravanakumart17-Feb-15 23:01 
QuestionGreat...!!!! Pin
Amol Jadhao26-Feb-14 21:19
memberAmol Jadhao26-Feb-14 21:19 
QuestionMy Vote Of 4 Pin
Alireza_13626-Dec-12 17:46
memberAlireza_13626-Dec-12 17:46 
Suggestionuseful for a begineer Pin
baksh28-Nov-12 4:12
memberbaksh28-Nov-12 4:12 
GeneralMy vote of 5 Pin
Martin Lottering27-Aug-12 2:19
memberMartin Lottering27-Aug-12 2:19 
Questionfeedback Pin
Android Parth20-Mar-12 3:26
memberAndroid Parth20-Mar-12 3:26 
GeneralMy vote of 4 Pin
Member 43208446-Jan-12 1:57
memberMember 43208446-Jan-12 1:57 
GeneralMy vote of 5 Pin
memberSATYA NARAYAN SAHOO28-Jul-11 8:43 
GeneralMy vote of 5 Pin
Vivek Johari9-Jan-11 5:04
memberVivek Johari9-Jan-11 5:04 
GeneralMy vote of 5 Pin
AbdullahSoft19-Nov-10 23:54
memberAbdullahSoft19-Nov-10 23:54 
GeneralMy vote of 5 Pin
Rudru15-Sep-10 18:58
memberRudru15-Sep-10 18:58 
Generalthanks Pin
Brisa Argelia22-Mar-10 9:32
memberBrisa Argelia22-Mar-10 9:32 
NewsAn easy way to create a self Signed Certificate with OpenSSL Pin
Elmue21-Jul-09 8:09
memberElmue21-Jul-09 8:09 
GeneralGenerated on VIsta and exported to Win2003 Pin
valamas24-May-09 2:04
membervalamas24-May-09 2:04 

Excellent article 5/5. Sorry to read others misunderstand the concept of a free ssl certificate for development and testing. (My favorite restaurant makes hottest Vindaloo.)

Here is how I followed your instruction and my slight deviation.

I needed to have the certificate on my test windows 2003 box. I did not want to install Visual Studio on it. So what i did was generate the certificate on my Vista machine via directory
C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin
and use the similar makecert.exe command and changed the name of the server as you suggested.

On my Vista machine, i then opened IIS7, click on my machine name / server certificates (in the main festure view). The certificate i created was there and i exported it to *.pfx file using a simple password. Copied it to my win2003 box.

I then open iis6 on my win2003 box. Properties of website i want to have ssl, directory security tab / server certificate button / next / import from pfx file.... and the rest people can figure out. After that I added port 443 to the home tab. Click ok and surf to the site using https.

I dont't care that a warning shows for invalid or expired certificate. This is for testing.

SOOOOOO easy. Thank you, have a nice day.
GeneralOther ways Pin
Wiebe Tijsma12-May-09 2:20
memberWiebe Tijsma12-May-09 2:20 
GeneralRe: Other ways Pin
skantg14-Feb-12 1:11
memberskantg14-Feb-12 1:11 
GeneralBit Harsh Pin
Tim Grindley12-May-09 2:01
memberTim Grindley12-May-09 2:01 
General[Message Deleted] Pin
icestatue4-May-09 3:21
membericestatue4-May-09 3:21 
GeneralRe: Completely inaccurate and misleading article. Pin
Shivprasad koirala4-May-09 3:40
memberShivprasad koirala4-May-09 3:40 
GeneralRe: Completely inaccurate and misleading article. Pin
Steven Relis21-Jun-09 3:17
memberSteven Relis21-Jun-09 3:17 
GeneralRe: Completely inaccurate and misleading article. Pin
mjanulaitis123416-Dec-09 5:39
membermjanulaitis123416-Dec-09 5:39 
GeneralMy vote of 1 Pin
icestatue4-May-09 3:18
membericestatue4-May-09 3:18 
GeneralRe: My vote of 1 Pin
senorbadger31-Aug-10 3:00
membersenorbadger31-Aug-10 3:00 
GeneralReally useful article Pin
saanj4-May-09 0:22
membersaanj4-May-09 0:22 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink | Advertise | Privacy | Terms of Use | Mobile
Web01 | 2.8.171207.1 | Last Updated 4 May 2009
Article Copyright 2009 by Shivprasad koirala
Everything else Copyright © CodeProject, 1999-2017
Layout: fixed | fluid