Signing an IIS Certificate using OpenSSL

I had a requirement to install OpenSSL (on Windows) and sign some certificates generated from IIS.

I was using Windows 8.1 which had IIS installed.

I installed OpenSSL into it's default folder but should have installed it to C:\OpenSSL.

The reason for this is that it would have been good to add C:\OpenSSL to the Path environment variable - anyway I managed.

When you create a Certificate in IIS you would have generated an unsigned certificate file and put it somewhere. Copy that file into C:\OpenSSL\share (just to make things easier) - call it "certreq.txt".

From a Command Prompt change into the C:\OpenSSL\share folder.

Type:

openssl x509 -req -days 365 -in certreq.txt -CA capub.crt -CAkey cakey.pem -CAcreateserial -out iis.cer

Your signed certificate is called "iis.cer".

You can now go into IIS and complete the certificate registration process.

Note: Once done the certificate can be accessed from MMC. Start MMC, add the Certificates snap-in --> Computer account --> Local Machine --> Personal --> Certificates.