```powershell
# Create a new self-signed certificate for localhost in LocalMachine\My, valid for 5 years.
$cert = New-SelfSignedCertificate -DnsName "localhost", "localhost" -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(5)
$thumb = $cert.GetCertHashString()

# Delete any existing SSL certificate binding on ports 44300-44399.
For ($i=44300; $i -le 44399; $i++) {
    netsh http delete sslcert ipport=0.0.0.0:$i
}

# Bind the new certificate to each of those ports.
For ($i=44300; $i -le 44399; $i++) {
    netsh http add sslcert ipport=0.0.0.0:$i certhash=$thumb appid=`{214124cd-d05b-4309-9af9-9caa44b2b74a`}
}

# Add the certificate to the LocalMachine Trusted Root Certification Authorities store.
$StoreScope = 'LocalMachine'
$StoreName = 'root'
$Store = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $StoreName, $StoreScope
$Store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$Store.Add($cert)
$Store.Close()
```
Hello camieleggermont,
How do I run this code?
Help is appreciated very much!
Thank you.
Dov
Thank you! This fixed my problem using SSL on my dev for asp.net core.
Thanks this helped me and my team a lot!
Looks like it doesn't work for Firefox 55+ - https://monosnap.com/file/3yEBEZbYb9Vec6t8HTDG47uT7oNPLv
Couple points worth mentioning. Remove the -NotAfter section for it to run on Windows2012R2. Also, it iterates over 99 ports so give it a minute to remove all "localhost" certs from every port. Then give it another 99 iterations to add the new certs.
I executed the script but Firefox is still showing the error in question
Firefox Version 56.0.2,
I had to explicitly specify the certificate store when adding the new certificate to make this otherwise nice solution kick in (asp.net core 3.0 + iis express 10.0.18362.1)
netsh http add sslcert ipport=0.0.0.0:44358 certhash=81FF9blablabla22EA appid=`{214124cd-d05b-4309-9af9-9caa44b2b74a`} certstorename=MY
Skipping the certstorename=MY would cause the SSL certificate binding to state "Certificate Store Name: (null)"
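A read-only check for the state discussed above, added here as an example and not part of the gist or of any commenter's post: it reports whether each port in the script's range is bound to the newest localhost certificate, whether the binding's store name is MY, and whether that certificate is in LocalMachine\Root. The function name `Get-SslBindingInfo`, the choice of the newest `CN=localhost` certificate, and English-language `netsh` output are assumptions.

```powershell
# Added example: verifies the result of the script above without changing anything.
# Assumes English netsh output and the same port range (44300-44399) as the script.
function Get-SslBindingInfo {
    param([string[]]$NetshOutput)
    # Collect the indented "Name : Value" lines printed by `netsh http show sslcert`.
    $info = @{}
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s+(?<name>.+?)\s+:\s*(?<value>.*)$') {
            $info[$Matches['name']] = $Matches['value'].Trim()
        }
    }
    [pscustomobject]@{
        Hash      = $info['Certificate Hash']
        StoreName = $info['Certificate Store Name']
    }
}

# Newest CN=localhost certificate in LocalMachine\My, where the script creates it.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq 'CN=localhost' } |
    Sort-Object NotBefore -Descending |
    Select-Object -First 1
if (-not $cert) { throw 'No CN=localhost certificate found in LocalMachine\My' }

# The script also copies the certificate into the machine's trusted root store.
$trusted = Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
"Certificate $($cert.Thumbprint) expires $($cert.NotAfter); in LocalMachine\Root: $trusted"

foreach ($port in 44300..44399) {
    $b = Get-SslBindingInfo (netsh http show sslcert ipport=0.0.0.0:$port)
    if (-not $b.Hash) { "${port}: no binding"; continue }
    $problems = @()
    # -ne is case-insensitive, so netsh's lowercase hash compares equal to the thumbprint.
    if ($b.Hash -ne $cert.Thumbprint) { $problems += "bound to a different certificate ($($b.Hash))" }
    if ($b.StoreName -ne 'MY') { $problems += "store name is '$($b.StoreName)', expected MY" }
    if ($problems) { "${port}: " + ($problems -join '; ') }
}
```

Ports that print nothing are bound to the expected certificate with store name MY.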
it worked for me. thanks a lot.
🙏 Thank you!
Had a legacy project to deal with and tripped over this problem; your script worked like a charm. Found the gist via https://steffbeckers.eu/blog/iis-express-localhost-ssl-certificate-reset which also has a useful minimum test project at https://github.com/steffbeckers/iis-express-ssl-reset-test
If you prefer a visual tool to do similar, Jexus Manager offers wizards to generate new self-signed certificates, and makes them trusted by the system,
https://blog.lextudio.com/why-chrome-says-iis-express-https-is-not-secure-and-how-to-resolve-that-d906a183f0