Share via

What is the correct way to create self-signed TLS/SSL certificate?

Anonymous
2024-02-19T10:22:30+00:00

Our company have Windows Server 2022 Standard as a server, which is used for development work. It is not connected to our domain, because it is sometimes used at our customer's premises for demo purposes when our system is presented to the customer. The server is a member of a workgroup. It runs SQL server, REST application and application that runs on IIS. Client workstations are again Windows workstations connected to the our domain or to the customer's domain or mobile devices (Wlan).

How should self-signed TLS/SSL certificate to be created in such an environment so that the client's browser does not give a notification that the connection is not secure?

I have tried creating the certificate according to this instruction, but it does not work properly in our environment.

Would there be step-by-step instructions somewhere on how to create a self-signed certificate that would work in the environment I described?

Windows for business Windows Server Networking Other

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

0 comments
Accepted answer
  1. Anonymous
    2024-02-21T08:22:44+00:00

    It is not possible to my knowledge to create a self-signed certificate that would not be flagged as unsafe and issue a warning by the browser in the environment you describe, at least not in a standard web browser environment. This is because major browser and operating system manufacturers (such as Google, Mozilla, Apple, etc.) only trust certificates signed by recognized Certificate Authorities (CAs). These authorities follow strict auditing processes, and their root certificates are provisioned in the trust stores of major browsers. Self-signed certificates do not go through a verification process by such an authority, so browsers do not trust them by default. Even if you manually import a self-signed certificate into the client device's trusted certificate store, the certificate will still not be trusted to external clients who do not do the same, and browsers will display an insecure warning.

    1 person found this answer helpful.
    0 comments

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2024-02-20T08:22:39+00:00

    Hello,

    While creating a self-signed TLS/SSL certificate allows clients in your internal environment to trust the certificate, please note that browsers of external clients that are not under your control may still display an insecurity warning because they are unable to provide the same Certificates issued by a certification authority have the same security level.

    Greetings

    Zunhui

    1 person found this answer helpful.
    0 comments
  2. Anonymous
    2024-02-20T10:47:28+00:00

    Thanks for this. So is there any possibility to create a self-signed certificate that would work in any case in the environment I described?

    0 comments
  3. Anonymous
    2024-02-21T09:07:33+00:00

    Thank you very much, this was really a clear answer that clarified the matter.

    0 comments