Skip to content

Instantly share code, notes, and snippets.

@camieleggermont
Last active December 3, 2024 05:10
Show Gist options
  • Save camieleggermont/5b2971a96e80a658863106b21c479988 to your computer and use it in GitHub Desktop.
Save camieleggermont/5b2971a96e80a658863106b21c479988 to your computer and use it in GitHub Desktop.
This powershell script generates a new certificate, removes the old certificate assignments from the IISExpress ssl ports and adds the newly generated one. The certificate is also copied over to the Trusted Root Certificate Authorities.
$cert = New-SelfSignedCertificate -DnsName "localhost", "localhost" -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(5)
$thumb = $cert.GetCertHashString()
For ($i=44300; $i -le 44399; $i++) {
netsh http delete sslcert ipport=0.0.0.0:$i
}
For ($i=44300; $i -le 44399; $i++) {
netsh http add sslcert ipport=0.0.0.0:$i certhash=$thumb appid=`{214124cd-d05b-4309-9af9-9caa44b2b74a`}
}
$StoreScope = 'LocalMachine'
$StoreName = 'root'
$Store = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $StoreName, $StoreScope
$Store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$Store.Add($cert)
$Store.Close()
@lextm
Copy link

lextm commented Jun 14, 2017

If you prefer a visual tool to do similar, Jexus Manager offers wizards to generate new self-signed certificates, and makes them trusted by the system,

https://blog.lextudio.com/why-chrome-says-iis-express-https-is-not-secure-and-how-to-resolve-that-d906a183f0

@DovMiller
Copy link

Hello camieleggermont,
How do I run this code?
Help is appreciated very much!
Thank you.
Dov

@dwdickens
Copy link

Thank you! This fixed my problem using SSL on my dev for asp.net core.

@Srfigie
Copy link

Srfigie commented Aug 9, 2017

Thanks this helped me and my team a lot!

@anton-abyzov
Copy link

Looks like it doesn't work for Firefox 55+ - https://monosnap.com/file/3yEBEZbYb9Vec6t8HTDG47uT7oNPLv

@PostImpatica
Copy link

Couple points worth mentioning. Remove the -NotAfter section for it to run on Windows2012R2. Also, it iterates over 99 ports so give it a minute to remove all "localhost" certs from every port. Then give it another 99 iterations to add the new certs.

@jeer65
Copy link

jeer65 commented Nov 10, 2017

I executed the script but Firefox is still showing the error in question
Firefox Version 56.0.2,

@skrubbeltrang
Copy link

skrubbeltrang commented Jan 3, 2020

I had to explicitly specify the certificate store when adding the new certificate to make this otherwise nice solution kick in (asp.net core 3.0 + iis express 10.0.18362.1)

netsh http add sslcert ipport=0.0.0.0:44358 certhash=81FF9blablabla22EA appid=``{214124cd-d05b-4309-9af9-9caa44b2b74a``} certstorename=MY

Skipping the certstorename=MY would cause the SSL certificate binding to state "Certificate Store Name: (null)"

@rifatislamrakesh
Copy link

it worked for me. thanks a lot.

@timabell
Copy link

🙏 Thank you!

Had a legacy project to deal with and tripped over this, problem, your script worked like a charm. Found the gist via https://steffbeckers.eu/blog/iis-express-localhost-ssl-certificate-reset which also has a useful minimum test project at https://github.com/steffbeckers/iis-express-ssl-reset-test

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment