Article: How to Setup Multiple SSL Self-Signed Certs for IIS 6 on Windows Server 2003


This article shows how to have multiple SSL self-signed certs on an IIS 6 server and how to work around an issue in SelfSSL.

Most articles will tell you to get Microsoft's IIS Resource Kit use the SelfSSL. But it has a bug where if you try to use it to configure more than one certificate it can corrupt your SSL configuration. In this article we'll show you how to work around that using a different tool from Microsoft that's also free.

Instead of SelfSSL, get your hands on SSL Diagnostics v1.1 from Microsoft. SSL Diagnostics is a quirky little tool but its awkward interface provides access to a lot of powerful features.

In particular, it's super easy to add a new self-signed certificate to any site. The first step is to locate the site which you can do until you find an entry that reads "ServerComment =" (of course the site name will be whatever you chose when you added it).

It will look something like what you see in this screenshot:


Next right-click on the site section and choose "Create New Cert". The tool will immediately create a new self-signed certificate for the site and refresh the display. Just scroll down to find the site and you'll see something like what you see in this screenshot:


That's all! And the best part is that it will work just fine for multiple sites. Just do them one at a time.

A few tips:

1. If you try to use SelfSSL to configure multiple self-signed certificates, you are in for trouble. The SSL configuration will be corrupted and you'll start getting Server 500 error messages.

2. When you right-click in SSL Diagnostics make sure it's in the section for the site you want to change. The site section starts with [W3SVC/#####] where ##### is the site number and just below it the "ServerComment=" line will show you the server name for the site that the section represents. The ServerComment line will be the same as the site name in the IIS Manager.

3. The [W3SVC/#####] line can be very useful on its own. The ##### is the site number and you need this number with some tools in the IIS Resource Kit.