This PowerShell script generates a new certificate, removes the old certificate assignments from the IIS Express SSL ports and adds the newly generated one. The certificate is also copied over to the Trusted Root Certification Authorities.
# Create a self-signed certificate for localhost in the machine's personal store, valid for 5 years
$cert = New-SelfSignedCertificate -DnsName "localhost", "localhost" -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(5)
$thumb = $cert.GetCertHashString()

# Remove the existing certificate bindings from the IIS Express SSL port range (44300-44399)
For ($i=44300; $i -le 44399; $i++) {
    netsh http delete sslcert ipport=0.0.0.0:$i
}

# Bind the new certificate to every port in the same range
For ($i=44300; $i -le 44399; $i++) {
    netsh http add sslcert ipport=0.0.0.0:$i certhash=$thumb appid=`{214124cd-d05b-4309-9af9-9caa44b2b74a`}
}

# Add the certificate to the machine-wide Trusted Root store so that it is trusted locally
$StoreScope = 'LocalMachine'
$StoreName = 'root'
$Store = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $StoreName, $StoreScope
$Store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$Store.Add($cert)
$Store.Close()
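
An added example, not part of the original gist: every run of the script above leaves one more self-signed localhost certificate in LocalMachine\My and in the machine-wide Trusted Root store, so this audit checks the current binding and previews removal of the leftovers. It assumes an elevated session and English netsh output; the variable names are illustrative.

```powershell
# Added example, not from the gist. Run elevated; assumes English netsh output.

# Thumbprint currently bound to the first IIS Express SSL port.
$first = netsh http show sslcert ipport=0.0.0.0:44300 | Out-String
if ($first -notmatch 'Certificate Hash\s*:\s*([0-9a-fA-F]{40})') {
    throw 'No sslcert binding found on 0.0.0.0:44300.'
}
$bound = $Matches[1].ToUpperInvariant()

# Ports in the range that are unbound or bound to a different certificate.
$mismatched = @(foreach ($port in 44301..44399) {
    $out = netsh http show sslcert ipport=0.0.0.0:$port | Out-String
    if ($out -notmatch $bound) { $port }
})

# Self-signed CN=localhost certificates in the two stores the script writes to.
$isLocalhost = { $_.Subject -eq 'CN=localhost' -and $_.Issuer -eq 'CN=localhost' }
$personal = @(Get-ChildItem Cert:\LocalMachine\My   | Where-Object $isLocalhost)
$trusted  = @(Get-ChildItem Cert:\LocalMachine\Root | Where-Object $isLocalhost)

# The bound certificate needs its private key in My and its public half in Root.
$current = $personal | Where-Object { $_.Thumbprint -eq $bound }
[pscustomobject]@{
    BoundThumbprint = $bound
    PrivateKeyInMy  = [bool]($current -and $current.HasPrivateKey)
    TrustedInRoot   = [bool]($trusted | Where-Object { $_.Thumbprint -eq $bound })
    MismatchedPorts = $mismatched.Count
} | Format-List

# Everything else is left over from earlier runs: unused private keys in My and
# unused trust anchors in Root that the whole machine still accepts.
$stalePersonal = @($personal | Where-Object { $_.Thumbprint -ne $bound })
$staleRoot     = @($trusted  | Where-Object { $_.Thumbprint -ne $bound })
$stalePersonal + $staleRoot | Format-Table PSParentPath, Thumbprint, NotAfter

# Preview the cleanup; remove -WhatIf to apply it.
$stalePersonal | Remove-Item -DeleteKey -WhatIf
$staleRoot     | Remove-Item -WhatIf
```

The filter matches any self-signed CN=localhost certificate, so review the listed thumbprints before dropping `-WhatIf` if other tools on the machine issue their own localhost certificates.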

lextm commented Jun 14, 2017

If you prefer a visual tool to do something similar, Jexus Manager offers wizards to generate new self-signed certificates and make them trusted by the system:

https://blog.lextudio.com/why-chrome-says-iis-express-https-is-not-secure-and-how-to-resolve-that-d906a183f0

DovMiller commented Jun 15, 2017

Hello camieleggermont,
How do I run this code?
Help is appreciated very much!
Thank you.
Dov

dwdickens commented Aug 6, 2017

Thank you! This fixed my problem using SSL on my dev for asp.net core.

Srfigie commented Aug 9, 2017

Thanks, this helped me and my team a lot!

anton-abyzov commented Aug 18, 2017

Looks like it doesn't work for Firefox 55+ - https://monosnap.com/file/3yEBEZbYb9Vec6t8HTDG47uT7oNPLv

helzgate commented Sep 7, 2017

A couple of points worth mentioning. Remove the -NotAfter section for it to run on Windows 2012 R2. Also, it iterates over 99 ports, so give it a minute to remove all "localhost" certs from every port. Then give it another 99 iterations to add the new certs.

jeer65 commented Nov 10, 2017

I executed the script, but Firefox is still showing the error in question.
Firefox version 56.0.2.
