Guide to Create a Self-Signed Certificate for Windows Server 2012 R2
SSL Certificates
Secure Sockets Layer (SSL) secures communication that happens between a web server and the browser and keeps it private, thereby reducing the risk of sensitive information being stolen. SSL certificates are used by millions of websites across the globe. In short, an SSL certificate assures that the conversation between two parties is private.
What is a Self-Signed Certificate?
A self-signed certificate is a free SSL certificate that is signed by the individual to whom it is issued. When you go for a self-signed certificate, the certificate is signed with your own private key and not by any Certificate Authority (CA). Self-signed certificates are free, and this gives website owners an opportunity to secure their websites with free SSL certificates. However, these certificates are generally used for internal testing purposes.
Standard SSL certificates are issued by Certificate Authorities using a chain of trust. Each certificate is signed by a more trusted certificate, and this chain extends to the root certificates. Unlike standard SSL certificates, self-signed certificates do not use the chain of trust. These certificates are mostly used when a company wants to test internally without paying for standard SSL certificates.
Steps to Create a Self-Signed SSL for Windows Server 2012 R2
You can use a self-signed certificate for Windows Server 2012 R2. The following steps create a self-signed SSL certificate for Windows Server 2012 R2.
Self-Signed SSL Certificate Generation Steps
- Step:1 Open the Microsoft Management Console (MMC): go to Run, type MMC, and then click the OK button.
- Step:2 The MMC console window will open. Click on Add/Remove Snap-in.
- Step:3 You will find Certificates in the left panel >> select Certificates and click on Add.
- Step:4 After you click on Add, the snap-in window will pop-up. Select Computer Account and then click on the Next button.
- Step:5 Select the Local Computer on which this console runs and click Finish.
- Step:6 The certificate will then be added to your Snap-in. Select the certificate and click on OK.
- Step:7 In the console root select Personal >> Certificate >> All Tasks >> Advanced Operations >> Create Custom Request.
- Step:8 The Certificate Enrollment window will pop up. Click on Next.
- Step:9 On the next window, click on “Proceed without enrollment policy” and click Next.
- Step:10 In the Custom Request window, select (No Template) CNG key and PKCS#10 format, and click on Next.
- Step:11 In the Certificate Information page, click on Details to expand the box and click on Properties & then Next.
- Step:12 In the Certificate Properties window, select the General tab. Add the domain for which you need the SSL certificate in the Friendly Name and Description fields.
- Step:13 Select the Subject tab and under that select Common Name under Type >> Value is the name of your domain for which you are creating the SSL certificate >> Select DNS under Type >> Value is the name of your domain. Click Add. You will see the details added to the right panel. Finally, click Apply.
- Step:14 Click on the Extensions tab and select Extended Key Usage.
- Step:15 Scroll further down the window, click on Basic Constraints, and check the box “Enable this extension.”
- Step:16 Select the Private Key tab, select Key Options, and change Key size to 2048 or the largest key size available. Also check “Make private key exportable.”
- Step:17 On the same page, under “Select Hash Algorithm”, change the value to SHA-256.
- Step:18 Click Apply >> click OK.
- Step:19 Click Next in the Certificate information pop up.
- Step:20 On the Certificate Enrollment wizard, under Where do you want to save the offline request? Select the destination and click Finish.
Self-Signed SSL Certificate Import Steps
- Step:1 Click Certificate Enrollment Requests from the menu on the left >> Right click on Certificates >> All Tasks >> Import.
- Step:2 Click on Next.
- Step:3 In the Certificate Import wizard, select the destination and click Next.
- Step:4 Click Finish in the Complete the Certificate Import Wizard.
- Step:5 You will then see a pop up saying The import was successful. Click OK.
- Step:6 Click Certificates under Certificate Enrollment Requests, to view your certificate.
- Step:7 Double click Certificate and go to Details.
- Step:8 Click Copy to file and click Next.
- Step:9 Select your preferred format and name the file.
- Step:10 Import to Desktop and click Finish.
- Step:11 Import certificate in Personal Store.
- Step:12 Go to the Details tab to check the Signature hash algorithm.
- Step:13 You will see SHA-256.
Remember, when you use a self-signed certificate, you will notice a certificate error in IE if you do not install the certificate on all machines you use. This is one reason why many prefer standard SSL certificates over self-signed certificates.
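The check in Steps 12 and 13 of the import steps can be scripted and extended to the other settings chosen during generation (key size, DNS name, Basic Constraints) and to whether the current machine trusts the certificate. This PowerShell is an added example, not part of the original guide; the domain `www.example.test` and the function name `Test-GuideCertificate` are assumptions, and the trust check assumes the certificate is installed in the machine's Trusted Root Certification Authorities store.

```powershell
# Added example (not from the original guide). 'www.example.test' is a placeholder
# for the domain entered in Step 13 of the generation steps.
$DnsName   = 'www.example.test'
$StorePath = 'Cert:\LocalMachine\My'   # Local Computer > Personal

function Test-GuideCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory = $true)][string]$ExpectedDnsName
    )
    $ext = $Certificate.Extensions
    # Subject Alternative Name (2.5.29.17) formats as "DNS Name=a, DNS Name=b";
    # keep only the value after "=" so a localized label does not matter.
    $san = $ext | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanNames = @()
    if ($san) {
        $sanNames = $san.Format($false) -split ',\s*' |
            ForEach-Object { ($_ -split '=', 2)[-1].Trim() }
    }
    # RSA key size; other key types stay at 0 here and fail the check.
    $keySize = 0
    try { $keySize = $Certificate.PublicKey.Key.KeySize } catch { }

    [pscustomobject]@{
        Thumbprint       = $Certificate.Thumbprint
        Subject          = $Certificate.Subject
        # Name comparison only; this does not re-verify the signature.
        SelfSigned       = ($Certificate.Subject -eq $Certificate.Issuer)
        # OID of sha256RSA (sha256WithRSAEncryption)
        Sha256Signature  = ($Certificate.SignatureAlgorithm.Value -eq '1.2.840.113549.1.1.11')
        KeySizeOk        = ($keySize -ge 2048)
        DnsNameInSan     = ($sanNames -contains $ExpectedDnsName)
        BasicConstraints = [bool]($ext | Where-Object { $_.Oid.Value -eq '2.5.29.19' })
        HasPrivateKey    = $Certificate.HasPrivateKey
        NotExpired       = ($Certificate.NotAfter -gt (Get-Date))
        # A self-signed certificate is trusted on a machine only if it is in that machine's root store.
        TrustedRootHere  = (Test-Path (Join-Path 'Cert:\LocalMachine\Root' $Certificate.Thumbprint))
    }
}

Get-ChildItem -Path $StorePath |
    Where-Object { $_.Subject -like "*CN=$DnsName*" } |
    ForEach-Object { Test-GuideCertificate -Certificate $_ -ExpectedDnsName $DnsName } |
    Format-List
```

Run it from an elevated PowerShell session on the server. A `False` in `TrustedRootHere` on a client machine corresponds to the certificate error described above.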