How to create a self-signed Wildcard SSL Certificate
Often times you need to run some SSL scenarios on a SharePoint site and getting a full CA SSL certificate may not be the quickest or economical option for a test environment. In my scenario, I needed to test several HNSC (Host Name Site Collections) in a single web application using the same domain name, such as, portal.contoso.com, teams.contoso.com. One of the great benefits of using HNSC is the ability to provide unique vanity URLs to each of your site collections, and secure traffic using single wild card SSL certificate. To learn more about HNSC, click here.
In order to create the cert, you will need to use the Makecert tool, available in the Windows 7 and Windows 8 SDK. You can download the SDK from the Microsoft Download center. After you have downloaded and installed the SDK, use the following steps to create the cert:
Open Command prompt, go to C:\Program Files (x86)\Windows Kits\8.0\bin\x86 and run the following command. Replace the date with the current date and domain name with your own domain name.
makecert -r -pe -e <09/14/2014> -eku 22.214.171.124.126.96.36.199.1 -ss My -n CN=<*.domain.local> -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -len 2048
Above command creates a certificate that is good for a year, and will store it in the CurrentUser certificate store. The key piece in that above command that makes the cert wildcard is the CN=*.domain.local parameter. The next steps are to export and import the cert into your SharePoint servers:
- Export the cert to a file path so you can then import it into your SharePoint Server(s). Open MMC and add the "Certificate" snap-in, browse to Personal/Certificates store, right click the cert, click All Tasks > Export. Follow the prompt to complete the wizard.
- After the file has been exported, copy and import it into your SP Server(s) using IIS manager, and then bind it to the web app. Since these are going to be your dev/test servers, you can optionally save the cert to the local trust authority to avoid the "not trusted authority…" warning messages.