apajovejohn
Posts: 19
Joined: Tue Dec 18, 2018 6:11 pm

Custom Action to Create Self-Signed Cert does not work for IIS Binding

Wed Apr 26, 2023 5:26 pm

Hi,
Just a heads-up that the new-ish CA for creating a self-signed certificate appears to result in a cert that has no trusted root, so IIS will not render a website bound to it.

A simple fix is to create a PowerShell task to create the cert correctly:

Code: Select all

$myFQDN = [System.Net.Dns]::GetHostByName($env:computerName).hostname
$cert = New-SelfSignedCertificate -DnsName "$myFQDN" -CertStoreLocation "cert:\LocalMachine\My"
$DestStore = new-object System.Security.Cryptography.X509Certificates.X509Store([System.Security.Cryptography.X509Certificates.StoreName]::Root,"localmachine")
$DestStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$DestStore.Add($cert)
$DestStore.Close()
$Thumbprint = $cert | Select-Object Thumbprint -expandproperty Thumbprint
AI_SetMsiProperty MY_CERTIFICATE $Thumbprint

Catalin
Posts: 6542
Joined: Wed Jun 13, 2018 7:49 am

Re: Custom Action to Create Self-Signed Cert does not work for IIS Binding

Fri Apr 28, 2023 11:48 am

Hello,

Thank you very much for your feedback here and for sharing your solution with us!

I am sure this will come in handy for other customers facing a similar scenario.

If possible, could you please give me a test-case so I can further test this on my end and have it fixed by our dev team?

I have tried testing it, but I was not quite able to reproduce the behavior.

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

Return to “Building Installers”