This PowerShell script generates a new self-signed certificate for localhost, removes the old certificate bindings from the IIS Express SSL ports (44300-44399) and binds the newly generated certificate to them. The certificate is also copied to the Trusted Root Certification Authorities store.
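```powershell
# Run from an elevated PowerShell prompt: the LocalMachine stores and netsh http need administrator rights.
# Create a self-signed certificate for localhost in the machine's Personal (My) store, valid for 5 years.
$cert = New-SelfSignedCertificate -DnsName "localhost", "localhost" -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(5)
$thumb = $cert.GetCertHashString()

# Remove the existing certificate bindings from the IIS Express SSL port range.
For ($i=44300; $i -le 44399; $i++) {
    netsh http delete sslcert ipport=0.0.0.0:$i
}

# Bind the new certificate to every port in the range (the appid is the one IIS Express uses).
For ($i=44300; $i -le 44399; $i++) {
    netsh http add sslcert ipport=0.0.0.0:$i certhash=$thumb appid=`{214124cd-d05b-4309-9af9-9caa44b2b74a`}
}

# Trust the certificate machine-wide by adding it to the Trusted Root Certification Authorities store.
$StoreScope = 'LocalMachine'
$StoreName = 'root'
$Store = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $StoreName, $StoreScope
$Store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$Store.Add($cert)
$Store.Close()
```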
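
Each run of the script adds another `CN=localhost` certificate to the machine's trusted roots and never removes the earlier ones, so the following added example (not part of the gist) reports which of those roots are still bound to an IIS Express port and which bindings show the `(null)` store name mentioned in the comments below. It assumes English `netsh` output; `Get-IisExpressBinding` is a hypothetical helper name and the sample hashes are constructed.

```powershell
# Added example, not from the gist. Assumes English netsh output and the
# gist's port range 44300-44399. Get-IisExpressBinding is a hypothetical helper.
function Get-IisExpressBinding {
    param([string[]]$NetshOutput, [int]$First = 44300, [int]$Last = 44399)
    $current = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*(?:IP|Hostname):port\s*:\s*(.+?)\s*$') {
            # A new binding record starts: emit the previous one, then reset.
            if ($current) { $current }
            $current = $null; $endpoint = $Matches[1]
            if ($endpoint -match '^0\.0\.0\.0:(\d+)$') {
                $p = [int]$Matches[1]
                if ($p -ge $First -and $p -le $Last) {
                    $current = [pscustomobject]@{ Port = $p; Thumbprint = $null; StoreName = $null }
                }
            }
        } elseif ($current -and $line -match '^\s*Certificate Hash\s*:\s*([0-9A-Fa-f]+)\s*$') {
            $current.Thumbprint = $Matches[1].ToUpperInvariant()
        } elseif ($current -and $line -match '^\s*Certificate Store Name\s*:\s*(.+?)\s*$') {
            $current.StoreName = $Matches[1]
        }
    }
    if ($current) { $current }
}

# Constructed sample (hash values are made up) to exercise the parser offline.
$sample = @'
    IP:port                      : 0.0.0.0:44300
    Certificate Hash             : 1111111111111111111111111111111111111111
    Certificate Store Name       : MY
    IP:port                      : 127.0.0.1:8443
    Certificate Hash             : 3333333333333333333333333333333333333333
    IP:port                      : 0.0.0.0:44358
    Certificate Hash             : 2222222222222222222222222222222222222222
    Certificate Store Name       : (null)
'@ -split "`r?`n"
Get-IisExpressBinding $sample | Format-Table Port, Thumbprint, StoreName

# Live audit: bindings without a store name, then every CN=localhost root
# marked as bound to an IIS Express port or stale (left over from an earlier run).
$live  = @(Get-IisExpressBinding (netsh http show sslcert))
$inUse = $live.Thumbprint | Sort-Object -Unique
$live | Where-Object StoreName -eq '(null)' | Format-Table Port, Thumbprint, StoreName
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object Subject -eq 'CN=localhost' |
    Format-Table Thumbprint, NotAfter,
        @{ Name = 'State'; Expression = { if ($inUse -contains $_.Thumbprint) { 'bound' } else { 'stale' } } }
```

A `CN=localhost` root can also come from other tooling, so the report only lists candidates; review each stale entry before removing it from the store.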

lextm commented Jun 14, 2017

If you prefer a visual tool to do similar, Jexus Manager offers wizards to generate new self-signed certificates, and makes them trusted by the system:

https://blog.lextudio.com/why-chrome-says-iis-express-https-is-not-secure-and-how-to-resolve-that-d906a183f0

DovMiller commented Jun 15, 2017

Hello camieleggermont,
How do I run this code?
Help is appreciated very much!
Thank you.
Dov

dwdickens commented Aug 6, 2017

Thank you! This fixed my problem using SSL on my dev for asp.net core.

Srfigie commented Aug 9, 2017

Thanks, this helped me and my team a lot!

anton-abyzov commented Aug 18, 2017

Looks like it doesn't work for Firefox 55+ - https://monosnap.com/file/3yEBEZbYb9Vec6t8HTDG47uT7oNPLv

helzgate commented Sep 7, 2017

Couple points worth mentioning. Remove the -NotAfter section for it to run on Windows 2012 R2. Also, it iterates over 99 ports, so give it a minute to remove all "localhost" certs from every port. Then give it another 99 iterations to add the new certs.

jeer65 commented Nov 10, 2017

I executed the script, but Firefox is still showing the error in question.
Firefox version 56.0.2.

skrubbeltrang commented Jan 3, 2020

I had to explicitly specify the certificate store when adding the new certificate to make this otherwise nice solution kick in (asp.net core 3.0 + iis express 10.0.18362.1)

```powershell
netsh http add sslcert ipport=0.0.0.0:44358 certhash=81FF9blablabla22EA appid=`{214124cd-d05b-4309-9af9-9caa44b2b74a`} certstorename=MY
```

Skipping the certstorename=MY would cause the SSL certificate binding to state "Certificate Store Name: (null)"
