How to issue a self-signed certificate

To have a properly working SSL web site you have to assign a SSL certificate to it. A real one costs real money. Easily especially for development to issue a self-signed one.

To create certificates I will use MakeCert.exe that is shipped with Windows SDK (usual path is %ProgramFiles%\Microsoft SDKs\Windows\v7.1A\Bin\).

First step: create a certificate at TempCA.cer with subject name CA=TempCA with private key kept in TempCA.pvk:

makecert -n "CN=TempCA" -r -sv TempCA.pvk TempCA.cer

Second step: create a certificate at SignedByCA.cer in container SignedByCA with subject name CN=example.com (probably should correspond to the web site address) signed by root authority certificate TempCA.cer with private key at TempCA.pvk and save it into the store named My for CurrentUser:

makecert -sk SignedByCA -n "CN=example.com" -iv TempCA.pvk -ic TempCA.cer SignedByCA.cer -sr CurrentUser -ss My

Third step: generate Personal Information Exchange (.pfx) file at TempCA.pfx from certificate TempCA.cert and private key TempCA.pvk (with no password):

Pvk2Pfx -pvk TempCA.pvk -spc TempCA.cer -pfx TempCA.pfx -f

See MSDN for more details.