StuartRowcliffe
Posts: 3
Joined: Mon Jul 22, 2019 3:14 pm

SSL Self Signed Certificates

Hello,

I would like to install a self-signed SSL certificate with my web application installer. I have found the guide relating to generating and installing a self-signed certificate via the custom actions list.

The bit I'm struggling with is then assigning that certificate that the installer creates to the https binding on my IIS website within the installer package. The options available (Use existing certificate, install pfx from the package, install pfx chosen at runtime) all seem to need a pfx file to be selected, which doesn't exist as the installer creates it at runtime.

Can you advise how to assign the certificate created via the custom action to the https binding please?

Thanks
Stuart
Liviu
Posts: 1048
Joined: Tue Jul 13, 2021 11:29 am

Re: SSL Self Signed Certificates

Hello Stuart and welcome to our forums,

Sorry for the delayed reply on this.

In order to achieve this, you can use the Generate and install self signed certificate custom action. You need to change the Store location to "Local machine":
[Screenshot: self signed CA.png]

This custom action requires privileges, therefore you need to enable the "Run as administrator" option from the Install Parameters page.

After that, you can select the "Use existing server certificate" option and add the [AI_THUMBPRINT_PROP] property on the "ThumbPrint (Hash)" field.
[Screenshot: ssl.png]

Hope this helps! Let us know if you have any other questions.

Best regards,
Liviu
________________________________________
Liviu Sandu - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube
StuartRowcliffe
Posts: 3
Joined: Mon Jul 22, 2019 3:14 pm

Re: SSL Self Signed Certificates

Hi

Sorry for the delay in coming back to you. I have followed your steps and it has generated an SSL certificate and been assigned to my SSL binding on the website created, although when viewing the certificate that is generated in IIS > Server Certificates the "Issued To" is not the machine that the installation took place on, instead it is my company's name which is also set as the "Issued By".

Consequently when I try to browse the website on the machine that is installed I get an SSL certificate warning/error. If I manually create a self signed certificate in IIS the "Issued To" is my machine name, assigning this to my website manually results in the error/warning going away.

Is there something else I need to do to get the "Issued To" property set to the machine the installation takes place on?

Thanks
Liviu
Posts: 1048
Joined: Tue Jul 13, 2021 11:29 am

Re: SSL Self Signed Certificates

Hello Stuart,

Thank you for the details.

I've been able to reproduce the described problem. I'm afraid this is the default implementation of our Generate and install self signed certificate custom action.

As a workaround solution, you can try creating your own certificate in a custom action. You can use New-SelfSignedCertificate in PowerShell.

Then, from the PowerShell script, save the certificate thumbprint in a property. Here are details about this: Get and set a property in Windows PowerShell Script custom action.

After that, you can use this property for the SSL Certificate.

Hope this helps!

Best regards,
Liviu
StuartRowcliffe
Posts: 3
Joined: Mon Jul 22, 2019 3:14 pm

Re: SSL Self Signed Certificates

Thanks Liviu

I managed to get it working via PowerShell - for anyone else encountering this issue, the following PowerShell script should help. Once it has generated the SSL certificate to the personal directory it needs to be exported and then imported into the trusted root certificate authority in order for the browser to trust the certificate and not throw an "unsafe" warning.

Code:

# Create a self-signed certificate for this machine's name in the LocalMachine personal store
$params = @{
    DnsName           = $env:COMPUTERNAME
    CertStoreLocation = 'Cert:\LocalMachine\My'
    FriendlyName      = '<Whatever you want>'
}
$certificate = New-SelfSignedCertificate @params

# Export the public certificate only (.cer carries no private key)
$thumbprint = $certificate.Thumbprint
Export-Certificate -Cert "Cert:\LocalMachine\My\$thumbprint" -FilePath 'C:\temp\<YourCertificateName>.cer' -Force

# Import it into Trusted Root Certification Authorities so this machine trusts it
Import-Certificate -FilePath 'C:\temp\<YourCertificateName>.cer' -CertStoreLocation 'Cert:\LocalMachine\Root'

# Hand the thumbprint back to the installer as an MSI property
[string] $stringThumbprint = $certificate.Thumbprint
AI_SetMsiProperty SSL_THUMBPRINT $stringThumbprint

Then I set the binding in IIS > Bindings/SSL to Use existing server certificate and specified the [SSL_THUMBPRINT] property in the ThumbPrint (Hash).
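
A post-install check for the approach in the post above, as an added example that is not part of the original thread or of Advanced Installer: it confirms that the certificate in LocalMachine\My has a private key and names the machine, and that the copy placed in LocalMachine\Root is the public certificate only. The function name Test-InstallerCertificate and its parameters are hypothetical.

```powershell
# Added example (not from the thread). Test-InstallerCertificate is a hypothetical helper name.
# Run elevated, passing the thumbprint the installer stored in SSL_THUMBPRINT.
function Test-InstallerCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [string] $ExpectedName = $env:COMPUTERNAME   # name the browser will use
    )

    $findings = @()
    $my   = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint"   -ErrorAction SilentlyContinue
    $root = Get-Item -Path "Cert:\LocalMachine\Root\$Thumbprint" -ErrorAction SilentlyContinue

    if (-not $my) {
        $findings += 'Not found in LocalMachine\My, so the HTTPS binding has nothing to use.'
    } else {
        if (-not $my.HasPrivateKey) {
            $findings += 'Copy in My has no private key; IIS cannot serve TLS with it.'
        }
        # "Issued To" mismatch is the warning described earlier in the thread
        if ($my.DnsNameList.Unicode -notcontains $ExpectedName) {
            $findings += "DNS names ($($my.DnsNameList.Unicode -join ', ')) do not include '$ExpectedName'."
        }
        if ($my.NotAfter -lt (Get-Date)) {
            $findings += "Expired on $($my.NotAfter)."
        }
    }

    if (-not $root) {
        $findings += 'Not found in LocalMachine\Root, so browsers on this machine will warn.'
    } elseif ($root.HasPrivateKey) {
        # The .cer export holds only the public part; a key here means something else imported it
        $findings += 'Copy in Root is associated with a private key; re-import from the .cer file.'
    }

    [pscustomobject]@{
        Thumbprint = $Thumbprint
        Passed     = ($findings.Count -eq 0)
        Findings   = $findings
    }
}

# Example call; replace the placeholder with the real thumbprint
# Test-InstallerCertificate -Thumbprint '<thumbprint from SSL_THUMBPRINT>'
```

The same thumbprint lookup in both stores is also how to find what to delete on uninstall, since the Root entry keeps the machine trusting this certificate until it is removed.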
Liviu
Posts: 1048
Joined: Tue Jul 13, 2021 11:29 am

Re: SSL Self Signed Certificates

Hello Stuart,

Thank you for your follow-up on this.

I am sure this will be of help for other users facing a similar scenario.

Best regards,
Liviu