Create and export a self-signed certificate

Applies To: Windows 7, Windows Server 2008 R2

You can use these procedures to create a self-signed certificate using Internet Information Services (IIS), and then export the certificate for use on client computers.

You must be a member of the IIS 7 Administrators group to perform this procedure.

To create a self-signed certificate

1. On Hosted-01, click Start, click Run, and then type mmc. The Microsoft Management Console (MMC) opens.

2. In the MMC, click File, and then click Add/Remove Snap-in. The Add or Remove Snap-ins dialog box opens. In Available snap-ins, click Internet Information Services (IIS) Manager, and then click Add. Click OK.

3. In the IIS console, double click Internet Information Services (IIS) Manager, and then click Hosted-01 (HOSTED-01).

   

4. In Hosted-01 Home, scroll to and double-click Server Certificates.

   

5. In Actions, click Create Self-Signed Certificate.

   

6. The Create Self-Signed Certificate page opens. In Specify a friendly name for the certificate, type BranchCache.

   

7. Click OK. IIS Manager creates a self-signed certificate named BranchCache, which is displayed in IIS Manager. Do not close the MMC, as it is used in the next procedure.

You can use the following procedure to export the BranchCache certificate to a folder location on Hosted-01.

You must be a member of the Administrators group to perform this procedure.

To export the BranchCache certificate

1. In the MMC, click File, and then click Add/Remove Snap-in. The Add or Remove Snap-ins dialog box opens. In Available snap-ins, click Certificates, and then click Add.

   

2. The Certificates snap-in page opens. On the Certificates snap-in page, click Computer account, and then click Next.

   

3. In Select Computer, ensure that Local computer is selected, and then click Finish.

   

4. Click OK. The Certificates snap-in is added to the same MMC that contains the IIS Manager snap-in. In the MMC, double-click Certificates (Local Computer), double-click Personal, and then click Certificates. In the details pane, the BranchCache certificate issued to Hosted-01 is displayed.

5. Right-click Hosted-01, click All Tasks, and then click Export.

   

6. The Certificate Export Wizard opens. Click Next.

7. In Export Private Key, ensure that No, do not export the private key is selected, and then click Next.

   

8. In Export File Format, ensure that DER encoded binary X.509 (.CER) is selected, and then click Next.

   

9. In File to export, click Browse, and then navigate to a folder location where you want to save the certificate. In File name, type BranchCache, and then click Save. The Browse dialog box closes and the File to export page is displayed with the file location and file name that you selected. For example, if you selected a file location of C: and a file name of BranchCache, C:\BranchCache.cer is displayed.

10. Click Next, and then click Finish. An information dialog box opens that displays the message The export was successful. Click OK.

    

11. If needed, click Finish. Using Windows Explorer, navigate to the file location where you saved the certificate. Copy the certificate and save the certificate to a file location on both Client-01 and Client-02.