Installing a Self-Signed Local SSL Certificate for IIS

As your live website will be under HTTPS it makes sense for your local environment to be the same. It’s simple to bind the IIS Developer Certificate, but Chrome will class it as insecure and you will get the error below when opening for the first time. You will have to click advanced and then proceed (unsafe). Once you’re in, Chrome will mark the URL with a red strike and indicate the connection is not secure.

 

This looks messy. I want to set up a self-signed certificate that chrome understands as secure so I don’t get any warnings and it shows the green padlock just like my live site. To do this we need to generate a certificate using the domain of our local instance and import it into the Trusted Root Certificate Authorities on our local machine. We will be using a combination of PowerShell and

manual steps. This can be fully automated with PowerShell but the additional manual steps helps to understand the process.

The example I will be using for this is for my local IIS instance of intermittentbug. The local domain is www.intermittentbug.local.

Step 1 - Create the certificate in PowerShell

To begin I need to create the SSL certificate. This can be done in Powershell. Open a new window as Administrator and run the following command.

New-SelfSignedCertificate -DnsName "www.intermittentbug.local" -CertStoreLocation "cert:\LocalMachine\My"

 Hint – make sure you replace the DnsName with your local Domain

This will save your certificate to the Personal Certificates on your machine. To see it we need to open CertMgr. press the windows key and type CertMgr. On the start menu click Manage Computer Certificates

Step 2 – Export the certificate.

You can see that your certificate in Personal Certificates. It needs to be moved into the trusted root. To do this we export it.

  • Right click and choose All Tasks -> Export
  • Yes, Export the private key -> Next
  • Next
  • Click the password checkbox and enter something simple – its only local afterall. -> Next
  • Next
  • Now enter a name – your local domain is what I would recommend –> Next
  • Finish

Step 3 – Import the certificate.

  • double click on your certificate in the folder you saved it.
  • Select Local Machine
  • Next
  • Enter your password -> Next
  • Place all certificates in the following store -> Browse
  • Select Trusted Root Certification Authorities
  • Finish

 Step 4 – Updating IIS Bindings

Go back you your IIS site and select bindings. For your SSL 443 in the dropdown you will see your new SSL Cert. Select this and click ok. Its also worth restarting IIS. If you have still got your PowerShell command window open, just type iisreset.

Close and reopen Chrome and enter your local Domain. You will see its now set as secure and you have the green padlock.

 

So there we have it, no more insecure screens locally!

 


JGilmartin Profile Image

JGilmartin

Technical Architect at Pinewood Technologies

Rating: 3180

C# Expert

Online Now


Tutorial Statistics
  • Views: 185
  • Comments: 0
  • Author: JGilmartin (3180)
  • Date: 1/1/2019 16:45
Tags
.NET IIS ASP.NET Powershell

© 2016 - 2019 - IntermittentBug