Skip to content

Instantly share code, notes, and snippets.

@camieleggermont

camieleggermont/UpdateIISExpressCertificate.ps1

Last active November 17, 2024 20:38
Show Gist options
  • Save camieleggermont/5b2971a96e80a658863106b21c479988 to your computer and use it in GitHub Desktop.
Save camieleggermont/5b2971a96e80a658863106b21c479988 to your computer and use it in GitHub Desktop.
Download ZIP
This powershell script generates a new certificate, removes the old certificate assignments from the IISExpress ssl ports and adds the newly generated one. The certificate is also copied over to the Trusted Root Certificate Authorities.
Raw
UpdateIISExpressCertificate.ps1
$cert = New-SelfSignedCertificate -DnsName "localhost", "localhost" -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(5)
$thumb = $cert.GetCertHashString()
For ($i=44300; $i -le 44399; $i++) {
netsh http delete sslcert ipport=0.0.0.0:$i
}
For ($i=44300; $i -le 44399; $i++) {
netsh http add sslcert ipport=0.0.0.0:$i certhash=$thumb appid=`{214124cd-d05b-4309-9af9-9caa44b2b74a`}
}
$StoreScope = 'LocalMachine'
$StoreName = 'root'
$Store = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $StoreName, $StoreScope
$Store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$Store.Add($cert)
$Store.Close()
@lextm
Copy link

lextm commented Jun 14, 2017
edited
Loading

If you prefer a visual tool to do similar, Jexus Manager offers wizards to generate new self-signed certificates, and makes them trusted by the system,

https://blog.lextudio.com/why-chrome-says-iis-express-https-is-not-secure-and-how-to-resolve-that-d906a183f0

@DovMiller
Copy link

Hello camieleggermont,
How do I run this code?
Help is appreciated very much!
Thank you.
Dov

@dwdickens
Copy link

Thank you! This fixed my problem using SSL on my dev for asp.net core.

@Srfigie
Copy link

Srfigie commented Aug 9, 2017

Thanks this helped me and my team a lot!

@anton-abyzov
Copy link

Looks like it doesn't work for Firefox 55+ - https://monosnap.com/file/3yEBEZbYb9Vec6t8HTDG47uT7oNPLv

@PostImpatica
Copy link

Couple points worth mentioning. Remove the -NotAfter section for it to run on Windows2012R2. Also, it iterates over 99 ports so give it a minute to remove all "localhost" certs from every port. Then give it another 99 iterations to add the new certs.

@jeer65
Copy link

jeer65 commented Nov 10, 2017

I executed the script but Firefox is still showing the error in question
Firefox Version 56.0.2,

@skrubbeltrang
Copy link

skrubbeltrang commented Jan 3, 2020
edited
Loading

I had to explicitly specify the certificate store when adding the new certificate to make this otherwise nice solution kick in (asp.net core 3.0 + iis express 10.0.18362.1)

netsh http add sslcert ipport=0.0.0.0:44358 certhash=81FF9blablabla22EA appid=``{214124cd-d05b-4309-9af9-9caa44b2b74a``} certstorename=MY

Skipping the certstorename=MY would cause the SSL certificate binding to state "Certificate Store Name: (null)"

@rifatislamrakesh
Copy link

it worked for me. thanks a lot.

@timabell
Copy link

🙏 Thank you!

Had a legacy project to deal with and tripped over this, problem, your script worked like a charm. Found the gist via https://steffbeckers.eu/blog/iis-express-localhost-ssl-certificate-reset which also has a useful minimum test project at https://github.com/steffbeckers/iis-express-ssl-reset-test

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment