You are here: Home / FAQ / Server / How to Create Self-signed Certificate on Local IP Address

How to Create Self-signed Certificate on Local IP Address

Description

This article describes necessery steps on how to generate a self-signed SSL certificate for eWay-CRM webservice and how to use it in Windows.

Version

All versions of eWay-CRM

Difficulty

Medium

Resolution

Launch PowerShell as administrator.

Using this command, you create a certificate for the eway.local domain a 192.168.1.20 IP address. Change the domain and IP address to your needs. The validity of the certificate will last 25 years - you can change it by the NotAfter parameter.

New-SelfSignedCertificate -Subject eway.local -TextExtension @("2.5.29.17={text}DNS=eway.local&IPAddress=192.168.1.20") -NotAfter (Get-Date).AddYears(25) -CertStoreLocation cert:\LocalMachine\My

If you call the command, you will see the thumbprint of the certificate in the console. You will need the thumbprint to export the certificate. Now, the certificate is available on IIS in the Server Certificate section and you can add it to the webserver.

Export can be done by this command where F94032CBE3B4063EE4CF9E1987E6B75CD4407EB2 must be changed to your own thumbprint.

Export-Certificate -Cert Cert:\LocalMachine\My\F94032CBE3B4063EE4CF9E1987E6B75CD4407EB2 -FilePath C:\Temp\eway.local

Certificate cannot be accepted on devices now, you must make it trustworthy.

in Windows, open the generated CER file.

Click Install certificate...

Here, select Local Machine and Next.

Store certificate in Trusted Root Certification Authorities.

Now, the access to your web service address (e.g. https://192.168.1.20should work without a certificate error.