Self signing an SSL certificate - does CN need to be where the certificate is going to be located (the URL of my app)?

StackOverflow https://stackoverflow.com/questions/17551103

Question

I really don't know much about SSL. I have an app up on Azure that I need to put SSL on. I've been following the tutorial: http://www.windowsazure.com/en-us/develop/net/common-tasks/enable-ssl/.

My specific question is: I created the self-signed certificate through IIS on my local machine and it automatically put the "Issued To:" value as the computer that I created this certificate on, my local machine name. I didn't have any option to change it. So, when creating a self-signed certificate, does the "Issued To: (CN)" need to be the domain of my app on Azure in order for it to work? Would I need to create this certificate on the machine that will be hosting my app?


Solution

Self-signed certificates are handled differently by different clients. I don't think there's a general rule.

For example, if you connect Firefox to a site using your self-signed certificate, you can add an exception that will be tied to that particular host name. It's the same exception you can use for a certificate that is trusted via a known CA, but for a different website. Effectively, the Firefox exception mechanism does both at once: each exception will be for a combination of target host name and specific certificate.

This is certainly not the case for all "exception" mechanisms you'd use to handle a self-signed certificate. For example, adding a certificate to your truststore in Java might make it trusted, but your Java application would still verify the hostname (if it's implemented correctly).

The status of self-signed certificates is problematic in general.

If for some reason you can't use a certificate from a well-known CA, using your own CA would probably be a better option than using a self-signed certificate directly. This should at least allow you to have a more realistic environment (especially regarding the two concerns of checking the authenticity of the cert itself and the identity of the cert) when you want to switch to another CA later on.

I don't know whether there's a good way to do all this within IIS, but there are tools that can help you with this. XCA comes to mind. You should then be able to export your host certificate in PKCS#12 format (p12/pfx) and import it into IIS, as well as export your CA certificate in PEM format and import it into your clients.
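The private-CA setup the answer recommends, as an added example that is not part of the original post and does not use XCA: an openssl script that creates a private CA, issues a host certificate whose name matches the app's URL, bundles it as PKCS#12 for import into IIS, and then checks the two things a correctly implemented client checks separately, trust in the issuer and the identity (hostname) in the certificate. The hostname `myapp.example.com`, the output directory and the PKCS#12 password are placeholders.

```shell
#!/bin/sh
# Added example: private CA -> host cert with matching name -> PKCS#12 for IIS,
# then verification of both the chain (trust) and the hostname (identity).
# Hostname, directory and password below are placeholder values.
set -e

# make_pki DIR HOST: create ca.pem/ca.key and host.pem/host.key/host.pfx in DIR.
make_pki() {
  dir="$1"; host="$2"
  mkdir -p "$dir"
  # 1. The CA certificate is self-signed, but it is only used to sign others;
  #    clients import ca.pem (PEM) once and then trust every cert it issues.
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj "/CN=Example Private CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
  # 2. Host key and CSR; the CN is the name clients will type in the URL,
  #    not the machine the key pair happens to be generated on.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
    -keyout "$dir/host.key" -out "$dir/host.csr" 2>/dev/null
  # 3. Sign the CSR with the CA and add a subjectAltName: modern clients match
  #    the hostname against the SAN and ignore a CN without one.
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$host" \
    > "$dir/ext.cnf"
  openssl x509 -req -in "$dir/host.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 825 -extfile "$dir/ext.cnf" \
    -out "$dir/host.pem" 2>/dev/null
  # 4. PKCS#12 bundle (host cert + key + CA cert) for import into IIS.
  openssl pkcs12 -export -inkey "$dir/host.key" -in "$dir/host.pem" \
    -certfile "$dir/ca.pem" -passout pass:changeit -out "$dir/host.pfx"
}

# verify_host_cert DIR HOST: succeeds only if host.pem chains to ca.pem AND its
# name matches HOST. A Java truststore import only gives you the first half;
# the hostname check is what fails when the CN is the wrong machine name.
verify_host_cert() {
  openssl verify -CAfile "$1/ca.pem" -verify_hostname "$2" \
    "$1/host.pem" >/dev/null 2>&1
}
```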

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow