Hello,

I would like to install a self-signed SSL certificate with my web application installer, i have found the guide relating to generating and installing a self-signed certificate via the custom actions list.

The bit i'm struggling with is then assigning that certificate that the installer creates to the https binding on my iis website within the installer package. The options available (Use existing certificate, install pfx from the package, install pfx chosen at runtime) all seem to need a pfx file to be selected, which doesn't exist as the installer creates it at runtime.

Can you advise how to assign the certificate created via the custom action to the https binding please?

Thanks
Stuart

Hello Stuart and welcome to our forums,

Sorry for the delayed reply on this.

In order to achieve this, you can use the Generate and install self signed certificate custom action. You need to change the Store location to "Local machine":

This custom action requires privileges, therefore you need to enable the "Run as administrator" option from the Install Parameters page.

After that, you can select the "Use existing server certificate" option and add the [AI_THUMBPRINT_PROP] property on the "ThumbPrint (Hash)" field.

Hope this helps! Let us know if you have any other questions.

Best regards,
Liviu

Hi

Sorry for the delay in coming back to you. I have followed your steps and it has generated an SSL certificate and been assigned to my SSL binding on the website created, although when viewing the certificate that is generated in IIS > Server Certificates the "Issued To" is not the machine that the installation took place on, instead it is my company's name which is also set as the "Issued By".

Consequently when I try to browse the website on the machine that is installed I get an SSL certificate warning/error. If I manually create a self signed certificate in IIS the "Issued To" is my machine name, assigning this to my website manually results in the error/warning going away.

Is there something else i need to do to get the "Issued To" property set to the machine the installation takes place on?

Thanks

Hello Stuart,

Thank you for the details.

I've been able to reproduce the described problem. I'm afraid this is the default implementation of our Generate and install self signed certificate custom action.

As a workaround solution, you can try creating your own certificate in a custom action. You can use New-SelfSignedCertificate in PowerShell.

Then, from the PowerShell script, save the certificate thumbprint in a property. Here are details about this: Get and set a property in Windows PowerShell Script custom action.

After that, you can use this property for the SSL Certificate.

Hope this helps!

Best regards,
Liviu

Thanks Liviu

I managed to get it working via Powershell - for anyone else encountering this issue, the following powershell script should help. Once it has generated the SSL certificate to the personal directory it needs to be exported and then imported into the trusted root certificate authority in order for the browser to trust the certificate and not throw an "unsafe" warning.
Then I set the binding in IIS > Bindings/SSL to Use existing server certificate and specified the [SSL_THUMBPRINT] property in the ThumbPrint (Hash).

Hello Stuart,

Thank you for your followup on this.

I am sure this will be of help for other users facing a similar scenario.

Best regards,
Liviu