If you’re a developer and you want to be able to use SSL on your development machine, or you are just doing some in-house development, you can install an SSL certificate on your IIS server without obtaining it from VeriSign, Thawte or others.

The plus side is that you can enable this right away for free. The downside is that any visitors to your site will get the security warning saying that the certificate used is not valid. If this is for in-house use only, you can add the certificate to your trusted certs for IIS for yourself and/or all your internal employees. Otherwise, you can just deal with the security pop-up. Either way, it works for testing SSL on your dev box.

Installing it is actually pretty easy. First, you need to install the IIS 6.0 Resource Kit From Microsoft:

[url]http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en[/url]

Once it’s installed, Your Start menu will contain a new folder with a bunch of IIS utilities.

To install the cert, run the app: Start -> IIS Resources -> SelfSSL -> SelfSSL

A DOS window will open with some instructions. At the DOS prompt, type “SelfSSL” (without the quotes) to run the app and enter “Y” when prompted to override your default certificate.

At that point SSL should be installed - you can verify this by opening your browser to https://localhost/