How to Create a Self-Signed SSL Certificate in IIS for SharePoint?

Self-Signed certificates provide encryption between the two ends. Technically, self-signed certificates are signed with their own private key. Often they are used in ADFS configuration. We may also have to use self-signed certificates in DEV-Test environments and for evaluations purposes. Let’s see how to create a self-signed certificate using IIS.

Never use self-signed certificate on production sites!

How to create self-signed certificate for SharePoint 2013/2016?

Let’s see how to create a self-signed certificate in IIS step by step:

  1. Open IIS Manager, Click on Server name in the Left navigation Tree, Open “Server Certificates” widget
    create self signed certificate for sharepoint 2013
  2. From the Right pane, Click on “Create Self-Signed Certificate” link
    how to create self-signed certificate sharepoint 2013
  3. Enter the details for your self-signed certificate. Click on “OK” to create self-signed certificate from IIS.
    sharepoint 2013 self signed certificate

That’s all. You’ll find the new self-signed certificate generated and listed in Server Certificates. By default, its validity is for one year with the common name (Issued To) to the server name.

You can create a self-signed certificate using PowerShell:
New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname 

How to Bind SSL Certificate with SharePoint Web Application?

Now, our certificate is ready to use! You can bind it with any web application or export-import it to a secure, trusted identity provider or while publishing service applications. Let’s see how to bind the certificate with any SharePoint web applications.

  1. Open IIS >> Select your target web application
  2. From right pane, Select Bindings link. Click on “Add” button.
  3. Select the certificate you created in the previous step from the SSL certificate dropdown. 
    sharepoint self signed certificate

You have to repeat these steps in all your web front ends and application servers.

How to establish a Trust by Importing the Certificate?

  • From SharePoint Central Administration > Navigate to Security > Manage Trust
  • Click New > Enter Name and specify the location for the certificate for “Root Certificate for the trust relationship” and Click OK.

You can achieve the same with PowerShell:

$Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("c:\SharePoint.cer ")
New-SPTrustedRootAuthority -Name "SharePoint Certificate" -Certificate $Cert

How to copy a certificate? Just double-click on the Certificate from IIS, Go to the Details tab, and click copy to file!

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two-decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. He has held various positions including SharePoint Architect, Administrator, Developer and consultant, has helped many organizations to implement and optimize SharePoint solutions. Known for his deep technical expertise, He's passionate about sharing the knowledge and insights to help others, through the real-world articles!

Leave a Reply

Your email address will not be published. Required fields are marked *