How to sign an IIS SSL certificate request using OpenSSL

The OpenSSL toolkit can be used to sign IIS / ADAM certificate requests. This is done in 5 steps:

1. Create a directory and put the certificate request file certreq.txt in it. This file is typically generated by the IIS Certificate Wizard.

2. Generate an RSA private key for your certificate authority (CA). You will be prompted to enter a password to protect the key.

openssl genrsa -des3 -out cakey.pem 2048

3. Using the above private key, generate a certificate for your certificate authority (CA). You will be prompted to enter a few details about your CA, such as the organisation name.

openssl req -new -key cakey.pem -x509 -days 1825 -extensions v3_ca -out ca.crt

4. Use your certificate authority (CA) to sign the IIS certificate request. The signed certificate will be marked valid for 365 days.

openssl x509 -req -days 365 -in certreq.txt -CA ca.crt -CAkey cakey.pem -CAcreateserial -out iis.cer

5. Restart the IIS Certificate Wizard and pass the signed certificate iis.cer to it.

Done!
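
Before handing iis.cer to the wizard in step 5, it is worth confirming that it verifies against ca.crt and carries the public key from certreq.txt. The script below is an added example, not part of the original instructions; it assumes a POSIX shell with openssl on the PATH, and the passphrase, subject names, server.key and other-ca.crt in its demo are constructed.

```shell
#!/bin/sh
# Added example: checks to run on iis.cer before importing it into IIS.

# Succeeds only if the certificate ($2) verifies against the CA certificate ($1).
issued_by_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds only if the certificate ($2) carries the public key from the request ($1).
key_matches_request() {
    req_key=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    crt_key=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$req_key" ] && [ "$req_key" = "$crt_key" ]
}

# Constructed demo: runs steps 2-4 non-interactively in a temp directory and
# prints its path. The CSR made here stands in for the IIS-generated
# certreq.txt; the passphrase and subject names are made up, and other-ca.crt
# is an unrelated CA used only to show the issuer check failing.
build_demo() {
    d=$(mktemp -d) || return 1
    {
        openssl req -new -newkey rsa:2048 -nodes -keyout "$d/server.key" \
            -subj "/CN=www.example.test" -out "$d/certreq.txt" &&
        openssl genrsa -des3 -passout pass:demo-only -out "$d/cakey.pem" 2048 &&
        openssl req -new -key "$d/cakey.pem" -passin pass:demo-only -x509 \
            -days 1825 -extensions v3_ca -subj "/O=Example Test CA" \
            -out "$d/ca.crt" &&
        openssl x509 -req -days 365 -in "$d/certreq.txt" -CA "$d/ca.crt" \
            -CAkey "$d/cakey.pem" -passin pass:demo-only -CAcreateserial \
            -out "$d/iis.cer" &&
        openssl req -new -newkey rsa:2048 -nodes -keyout "$d/other.key" -x509 \
            -days 1 -subj "/O=Unrelated Test CA" -out "$d/other-ca.crt"
    } >/dev/null 2>&1 || return 1
    echo "$d"
}

demo=$(build_demo)
if issued_by_ca "$demo/ca.crt" "$demo/iis.cer" &&
   key_matches_request "$demo/certreq.txt" "$demo/iis.cer"
then
    echo "iis.cer is signed by ca.crt and matches certreq.txt"
else
    echo "iis.cer failed the checks; do not import it" >&2
fi
```

In real use, call the two check functions on your own ca.crt, iis.cer and certreq.txt instead of the demo files.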