Sometimes you may need an SSL certificate just for testing your (local) web application. Of course, for public and trusted purposes, you’ll probably use a free Let’s Encrypt certificate or something similar (or, of course, any of the paid options).
And this is OK as long as you have a publicly resolvable domain name.
But what if you need a certificate for, let’s say, “localhost” or “webserver.local”?
Then you’ll probably use your internal PKI or a simple self-signed certificate.
The second one can be easily created with PowerShell, by using the New-SelfSignedCertificate cmdlet (or with OpenSSL, yes 🙂).
So, let me show you how.
We have a simple IIS setup hosting a single (default) website, responding to http://localhost/.
We’ll issue a new self-signed certificate, make it trusted (important!) and then attach it to our test website, with the following:
```powershell
# create your self-signed certificate for 'localhost', stored in Computer store and valid for 2 years
$selfCert = New-SelfSignedCertificate -DnsName "localhost" -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(2)

# Thumbprint                                Subject
# ----------                                -------
# 2CE1566A7F73D6974F5378C76759F23473434863  CN=localhost

# make this certificate trusted (locally) (i.e. copy it from Personal store to Trusted Root CAs store)
$srcStore = New-Object System.Security.Cryptography.X509Certificates.X509Store "My", "LocalMachine"
$srcStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)

$cert = $srcStore.certificates -match $selfCert.Thumbprint

$dstStore = New-Object System.Security.Cryptography.X509Certificates.X509Store "Root", "LocalMachine"
$dstStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$dstStore.Add($cert[0])

$srcStore.Close()
$dstStore.Close()

# bind this certificate to our IIS website
New-IISSiteBinding -Name "Default Web Site" -BindingInformation "*:443:" -CertificateThumbPrint $selfCert.Thumbprint -CertStoreLocation "Cert:\LocalMachine\My" -Protocol https
```
If everything goes well, we will see another binding created in our IIS console.
And if we open https://localhost/, all should be good as well.
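A certificate copied into the machine's Trusted Root store stays trusted by every process on that machine until it is removed, so it is worth checking what was trusted and cleaning up when testing ends. The following is an added example, not part of the original post; it assumes the sample thumbprint shown in the output above (replace it with your own) and the same site name and binding.

```powershell
# Added example: audit and clean up the test certificate created above.
# Assumption: this is the sample thumbprint from the post's output; use your own value.
$thumbprint = '2CE1566A7F73D6974F5378C76759F23473434863'

# 1. Show where copies of the certificate live and what it is valid for
Get-ChildItem Cert:\LocalMachine\My, Cert:\LocalMachine\Root |
    Where-Object Thumbprint -eq $thumbprint |
    Select-Object PSParentPath, Subject, NotAfter, HasPrivateKey,
        @{ n = 'EKU'; e = { $_.EnhancedKeyUsageList.FriendlyName -join ', ' } }

# 2. List every self-signed certificate in the Trusted Root store whose
#    private key is also present in the machine's Personal store
#    (forgotten test certificates show up here)
$withKey = Get-ChildItem Cert:\LocalMachine\My | Where-Object HasPrivateKey
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -eq $_.Issuer -and $withKey.Thumbprint -contains $_.Thumbprint } |
    Select-Object Thumbprint, Subject, NotAfter

# 3. When testing is done: remove the HTTPS binding, then the trusted copy,
#    then the original certificate together with its private key
Remove-IISSiteBinding -Name 'Default Web Site' -BindingInformation '*:443:' -Protocol https -Confirm:$false
Remove-Item "Cert:\LocalMachine\Root\$thumbprint"
Remove-Item "Cert:\LocalMachine\My\$thumbprint" -DeleteKey
```

Run it from an elevated PowerShell session, since all three steps touch the LocalMachine stores and the IIS configuration.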
Cheers!