如何为域名创建自签名证书以在 Windows 10 及更低版本上进行开发? [英] How to create a self-signed certificate for a domain name for development on Windows 10 and below?

问题描述

我有用于开发目的的 subdomain.example.com.我的 Web 应用程序解决方案包含一个 Web API 等，我需要从外部系统调用它，因此我没有使用 localhost.

I have subdomain.example.com that I use for development purposes. My web application solution contains a web API etc, that I need to call from external systems, hence I am not using localhost.

我现在需要测试 SSL 并且需要我的 subdomain.example.com 开发域名的证书.

I now need to test for SSL and need a certificate for my subdomain.example.com development domain name.

我已尝试按照 http: 中所述创建自签名证书://technet.microsoft.com/en-us/library/cc753127(v=ws.10).aspx，但此证书仅适用于本地主机.这个证书可以用于我的目的还是我必须为我的开发子域创建一个自签名?如果我必须为我的开发子域创建自签名证书，我可以为此使用什么实用程序或在线服务(免费)?

I have tried creating a self-signed certificate as outlined in http://technet.microsoft.com/en-us/library/cc753127(v=ws.10).aspx, but this certificate only works for localhost. Can this certificate be used for my purpose or will I have to create a self-signed for my development subdomain? If I have to create a self-signed certification for my development subdomain, what utility or online service (Free) can I use for this?

推荐答案

使用 IIS 的自签名证书功能，您无法为证书设置通用名称 (CN)，因此无法创建绑定到您选择的子域的证书.

With IIS's self-signed certificate feature, you cannot set the common name (CN) for the certificate, and therefore cannot create a certificate bound to your choice of subdomain.

解决该问题的一种方法是使用 makecert.exe，它与 .Net 2.0 SDK 捆绑在一起.在我的服务器上它位于:

One way around the problem is to use makecert.exe, which is bundled with the .Net 2.0 SDK. On my server it's at:

C:\Program Files\Microsoft.Net\SDK\v2.0 64bit\Bin\makecert.exe

您可以创建一个签名授权并将其存储在 LocalMachine 证书存储库中，如下所示(这些命令必须从管理员帐户或提升的命令提示符中运行):

You can create a signing authority and store it in the LocalMachine certificates repository as follows (these commands must be run from an Administrator account or within an elevated command prompt):

makecert.exe -n "CN=My Company Development Root CA,O=My Company,
 OU=Development,L=Wallkill,S=NY,C=US" -pe -ss Root -sr LocalMachine
 -sky exchange -m 120 -a sha1 -len 2048 -r

然后，您可以创建一个绑定到您的子域并由您的新授权机构签署的证书:

You can then create a certificate bound to your subdomain and signed by your new authority:

(注意 -in 参数的值必须和上面用来生成你的权限的 CN 值相同.)

(Note that the the value of the -in parameter must be the same as the CN value used to generate your authority above.)

makecert.exe -n "CN=subdomain.example.com" -pe -ss My -sr LocalMachine
 -sky exchange -m 120 -in "My Company Development Root CA" -is Root
 -ir LocalMachine -a sha1 -eku 1.3.6.1.5.5.7.3.1

然后，您的证书应显示在 IIS 管理器中，以绑定到您的站点，如 Tom Hall 的帖子所述.

Your certificate should then appear in IIS Manager to be bound to your site as explained in Tom Hall's post.

感谢 Mike O'Brien 在 http://www.mikeobrien.net/blog/creating-self-signed-wildcard

All kudos for this solution to Mike O'Brien for his excellent blog post at http://www.mikeobrien.net/blog/creating-self-signed-wildcard

这篇关于如何为域名创建自签名证书以在 Windows 10 及更低版本上进行开发?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！