Creating a Self-Signed SSL Certificate for Developing and Testing Against IIS

Sometimes you find yourself needing to develop or test on an encrypted connection. Whether it is an MVC binding forcing you to do SSL or you simply want to get rid of your browser’s mixed content warnings, a local certificate can come in handy.

Creating your .cer file

  1. Start by locating makecert.exe. You can typically find it in and C:\Program Files (x86)\Windows Kits\10\bin\x64 on a Window 10 machine. I copied the executable to c:\temp just to have it handy but that’s not necessary.
  2. Browse to that location with Command Prompt with Administrative privileges.
  3. You can actually create a certificate to run against your machine name and you can also have it work against localhost. To create a certificate for your machine name, use the following command:
makecert -n "CN=%ComputerName%" -ss MY -sr LocalMachine -b 08/09/2016 -e 09/09/2028 -a sha256 -sky exchange -r -pe myCert.cer

If you also want it to work for localhost, you can add multiple CNs when creating the cert:

makecert -n "CN=%ComputerName%, CN=localhost" -ss MY -sr LocalMachine -b 08/09/2016 -e 09/09/2028 -a sha256 -sky exchange -r -pe myCert.cer

Note that IIS Express will install a localhost certificate so you don’t need to do this if you are debugging against IIS Express.

Adding HTTPS binding to your site on IIS

Once the certificate is created, you should be able to go into IIS and create an HTTPS binding for your site.

  1. Find your website on IIS.
  2. Click Bindings… on the menu on the right.
  3. Click Add….
  4. In the Add Site Binding box, set Type to “https” and your newly-created certificate should be available in the SSL certificate dropdown.

(ignore the typo on my computer name, thanks TED!)

Setting the Certificate as a Trusted Person

You will need your machine to trust the newly-created certificate to avoid SSL warnings from your browser. You can do that by installing the certificate in your Trusted People store.

  1. Your new certificate should already be under Personal and Certificates in MMC.
  2. Copy your new certificate from the Personal store and paste it into the Trusted People store.

Testing things out

Navigate to your site or application using your favorite browser using HTTPS and you should be able to see its content without warnings.

Delores from Westworld

Related posts