Create a Self-Signed Certificate

Important! If you are using a X.509 Certificate from a Certificate Authority skip to the Configure Your Site to Use Certificates section.

Note: To use the Self-Signed High Trust Certificate Generation page, the Site App Pool account must be a local Admin to enable access to the Certificate Store. Once created, the requirement can be removed.

Issued To

When using the Server Name as the Issued To value, you will often receive a Certificate Name mis-match warning in web browsers even if the Add-In site has been added as a Trusted Site.
This warning does NOT impact functionality.
If a DNS record can be added, depending on company policy, this mis-match warning can be avoided by using the Add-In Web Site Host Name.

Example:

Add-In Web Site Host Name: Issued To: addin.mydomain.local

Add a DNS entry addin.mydomain.local pointing to the server IP address.

Procedure:

Navigate to the Self-Signed High Trust Certificate Generation page. For Example, http://localhost:5063/Pages/Certificate.aspx.
Enter the following fields
1. Certificate Friendly Name: Enter a friendly name for the Certificate. By default this value is set to "BAInsight AutoClassifier AddIn"
2. Issued To: Enter the issued to value. The default value is set to the server FDQN. For more information, see See the Issued To Note above.
3. Years of Validity: Enter the number of years until the certificate will expire.
4. Password: Enter the certificate password. Note: AutoClassifier does not store this password, therefore you should store the password in a safe location for future use.
Click the Generate Certificate button. A certificate is generated and loaded to both the Personal and Trusted Root Certification Authorities certificate stores.
Once generated, the same certificate can NOT be regenerated without first being removed from the Certificate Store.
Download both the .pfx and .cer file to a folder on the server. For example, C:\Certs.
Close the web browser when finished.