Self-signed certificates are acceptable for testing anything used internal.
By default, certificates created through Internet Information Services (IIS) on most Windows OS versions create a SHA-1 certificate by default versus a SHA-256 certificate. SHA-1 certificates are less secure due to their smaller bit size and are being sunset in 2017 for all web browsers.
To create a SHA256 self-signed SSL certificate:
1) Run PowerShell as administrator
2) Run the following command:
a. New-SelfSignedCertificate –DnsName <Computer name> -CertStoreLocation “cert:\LocalMachine\My”
<Computer name> - Should be the name of the computer hosting the Jet Web Portal. It should be fully qualified with the domain name (computer.domain.com).
Next, we need to add the self-signed certificate as a trusted certificate authority. To do this:
1) Run MMC -32 as administrator
2) File -> Add or Remove Snap-ins
3) Select Certificates and click Add
4) Select Computer account
5) Select Local computer
8) Find the certificate in Personal -> Certificates (as seen below)
9) Right-click on the newly created certificate and select Properties. Input the desired Friendly Name field for the certificate based upon what you are testing. Once completed, select the Apply button followed by OK.
10) Right-Click on the certificate and choose Copy
11) Expand Trusted Root Certification Authorities
12) Right-Click on the Certificates folder
13) Select Paste
14) In IIS, you can now see and use the self-signed certificate with SHA-256 as the SSL certificate.