IIS Express certs (for now) don't contain SAN strings. This makes Chrome unhappy. Make Chrome happy again with a new organic, artisanal, gluten free HTTPS certificate.
# Create a new self-signed HTTPS certificate for IIS Express
# Crafted with all organic, GMO, gluten free ingredients
# with an artisanal SAN to make Chrome 58 onwards happy.
#
# See https://bugs.chromium.org/p/chromium/issues/detail?id=308330
#
# Run this at an administrative PowerShell prompt.
#
# You will be prompted to trust a new certificate via a Windows dialog.
# Click yes, otherwise Visual Studio will not be able to determine your
# process ID when you launch your web application.
#
# SCRIPT PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED.
# -DnsName populates the subjectAltName extension; the -TextExtension OID
# 2.5.29.37 is Enhanced Key Usage, set to server authentication (1.3.6.1.5.5.7.3.1).
$certificate = New-SelfSignedCertificate `
    -Subject localhost `
    -DnsName localhost `
    -KeyAlgorithm RSA `
    -KeyLength 2048 `
    -NotBefore (Get-Date) `
    -NotAfter (Get-Date).AddYears(5) `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -FriendlyName "IIS Express Development Certificate" `
    -HashAlgorithm SHA256 `
    -KeyUsage DigitalSignature, KeyEncipherment, DataEncipherment `
    -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1")
$certificatePath = 'Cert:\CurrentUser\My\' + ($certificate.ThumbPrint)
# Now export the certificate to a pfx
$pfxPassword = ConvertTo-SecureString ([Guid]::NewGuid().ToString()) -Force -AsPlainText
$pfxFilePath = [system.io.path]::GetTempFileName()
$cerFilePath = [system.io.path]::GetTempFileName()
Export-PfxCertificate -Cert $certificatePath -FilePath $pfxFilePath -Password $pfxPassword
Export-Certificate -Cert $certificatePath -FilePath $cerFilePath
# Delete the cert we created from the user store now we've exported it
Remove-Item $certificatePath
# Now pull in the PFX to the two places it needs to be.
# First to the machine personal store, so netsh can bind
Import-PfxCertificate -FilePath $pfxFilePath -CertStoreLocation Cert:\LocalMachine\My -Password $pfxPassword -Exportable
# Now to the user root store so trust is enabled
# This will cause Windows to throw up a dialog, so click yes, otherwise VS is going to be very unhappy and unable to determine your app process ID.
Import-Certificate -FilePath $cerFilePath -CertStoreLocation Cert:\CurrentUser\Root
# Now bind using netsh. The app ID is the IIS Express app ID.
for ($port = 44300; $port -lt 44400; $port++)
{
    $command = "http delete sslcert ipport=0.0.0.0:$port"
    Write-Output $command
    $command | netsh
    $command = "http add sslcert ipport=0.0.0.0:$port certhash="+$($certificate.Thumbprint)+" appid={214124cd-d05b-4309-9af9-9caa44b2b74a}"
    Write-Output $command
    $command | netsh
}
# Clean up the temporary PFX (it contains the private key) and the exported CER
Remove-Item $pfxFilePath
Remove-Item $cerFilePath
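
A post-run check for the script above, added here as an example and not part of the gist: it reads back every certificate in LocalMachine\My that carries the script's friendly name and reports whether it has a localhost SAN, the server-authentication EKU, trust in the user root store, and HTTP.sys bindings on ports 44300-44399. The function name Test-DevCertificate and the output property names are made up for this example.

```powershell
# Added verification example (not part of the original gist).
# Assumes the script above has already run on this machine.
$friendlyName  = 'IIS Express Development Certificate'  # friendly name set by the script above
$sanOid        = '2.5.29.17'                            # subjectAltName extension
$serverAuthOid = '1.3.6.1.5.5.7.3.1'                    # server auth EKU, as passed to -TextExtension above

function Test-DevCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Cert
    )
    # The SAN extension is what Chrome 58 onwards requires (see the script header).
    $san     = $Cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }
    $sanText = if ($san) { $san.Format($false) } else { '' }
    $ekuOids = $Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages | ForEach-Object { $_.Value } }

    # Ports in the script's range whose HTTP.sys binding does not use this certificate.
    # netsh prints the hash in hex; -match is case-insensitive, so casing does not matter.
    $unbound = foreach ($port in 44300..44399) {
        $binding = netsh http show sslcert "ipport=0.0.0.0:$port"
        if (-not ($binding -match $Cert.Thumbprint)) { $port }
    }

    [pscustomobject]@{
        Thumbprint        = $Cert.Thumbprint
        NotAfter          = $Cert.NotAfter
        SubjectAltName    = $sanText
        HasLocalhostSan   = $sanText -match '=localhost\b'
        HasServerAuthEku  = $ekuOids -contains $serverAuthOid
        HasPrivateKey     = $Cert.HasPrivateKey
        TrustedInUserRoot = Test-Path "Cert:\CurrentUser\Root\$($Cert.Thumbprint)"
        UnboundPortCount  = @($unbound).Count
    }
}

Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -eq $friendlyName } |
    ForEach-Object { Test-DevCertificate -Cert $_ } |
    Format-List
```

If an older certificate with the same friendly name is still in the store, it is listed too, so compare the SubjectAltName and UnboundPortCount fields per thumbprint.
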

samrueby commented May 12, 2017

Thank you- Add guac plz.

Owner Author

blowdart commented May 12, 2017

I can't add guac, I believe Chrome is deprecating avocado support :D


andreimuntean commented May 12, 2017

THANK YOU!

(I had to change '–AsPlainText' to '-AsPlainText' (replaced the en-dash with the hyphen) for the script to run -- and it works!)


blowdart commented May 12, 2017

Oops, dunno what happened there. Cut and paste hiccup maybe? Updated.


MiroJ commented May 17, 2017

Worked as a charm! Thanks, blowdart!


adothelimey commented May 17, 2017

Thank you!


lifeinchords commented May 31, 2018

May the mountains bless you.. Resolves my issue on VS2015
