Generate IIS7 SSL certificates for alternate hostname

In some cases it is necessary to have a self-signed SSL certificate which does not have the hostname as issuer but the fully qualified domain name (FQDN). In this case the IIS 7.0 graphical interface is not sufficient, because it only lets you create certificates with the hostname as issuer. Luckily, Microsoft released a CLI tool to create certificates:

First you need to download the Internet Information Services (IIS) 6.0 Resource Kit Tools. Install the toolkit on the server you want to create the self-signed SSL certificates for, and select only “SelfSSL Tool” during the wizard.

Change directory to:

Parameters Explained:
/s: SiteId
/N:CN: Canonical FQDN ( or
/V: Validity in days (365 equals 1 year; the value can be freely chosen)

To determine the Site ID for IIS5 and IIS6, check out this link: How to find the SiteID in IIS5 and IIS6


SiteID in IIS7
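As an added example (not part of the original post), the following PowerShell sketch looks up the IIS7 site ID with appcmd, runs SelfSSL with the three parameters explained above, and then checks that the resulting certificate really carries the FQDN. The site name, the FQDN and the SelfSSL path are placeholders to be replaced, and the check assumes SelfSSL places the certificate in the local machine's personal store.

```powershell
# Added example. Site name, FQDN and SelfSSL path are assumptions/placeholders,
# not values taken from the original post.
param(
    [string]$SiteName   = 'Default Web Site',       # assumed IIS site name
    [string]$Fqdn       = 'www.example.test',       # constructed FQDN
    [int]   $ValidDays  = 365,                      # validity in days (/V)
    [string]$SelfSslExe = '<SelfSSL-install-dir>\selfssl.exe'  # placeholder path
)

# 1. Resolve the site ID on IIS7 with appcmd (ships with IIS 7.0 and later).
$appcmd = Join-Path $env:windir 'System32\inetsrv\appcmd.exe'
$siteId = & $appcmd list site $SiteName /text:id
if ($siteId -notmatch '^\d+$') {
    throw "Could not resolve a numeric site ID for '$SiteName' (got: '$siteId')."
}
Write-Host "Site '$SiteName' has ID $siteId"

# 2. Create and bind the self-signed certificate for the FQDN.
#    SelfSSL asks for confirmation before replacing the site's SSL settings.
& $SelfSslExe "/N:CN=$Fqdn" "/V:$ValidDays" "/S:$siteId"

# 3. Verify the result instead of trusting the tool's output:
#    the newest certificate with this subject must exist in LocalMachine\My,
#    be self-signed (issuer equals subject) and expire when expected.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$Fqdn" } |
    Sort-Object NotBefore -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No certificate with subject CN=$Fqdn found in LocalMachine\My."
}
if ($cert.Issuer -ne $cert.Subject) {
    throw "Certificate $($cert.Thumbprint) is not self-signed as expected."
}

$cert | Select-Object Subject, Issuer, NotBefore, NotAfter, Thumbprint,
    @{ Name = 'DaysLeft'; Expression = { [int]($_.NotAfter - (Get-Date)).TotalDays } }
```

Run it from an elevated prompt on the IIS server. Clients will still not trust the certificate until it is explicitly imported into their trusted store, so keep its use to test and internal hosts.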