This powershell script generates a new certificate, removes the old certificate assignments from the IISExpress ssl ports and adds the newly generated one. The certificate is also copied over to the Trusted Root Certificate Authorities.

UpdateIISExpressCertificate.ps1

$cert = New-SelfSignedCertificate -DnsName "localhost", "localhost" -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(5)
$thumb = $cert.GetCertHashString()

For ($i=44300; $i -le 44399; $i++) {
    netsh http delete sslcert ipport=0.0.0.0:$i
}

For ($i=44300; $i -le 44399; $i++) {
    netsh http add sslcert ipport=0.0.0.0:$i certhash=$thumb appid=`{214124cd-d05b-4309-9af9-9caa44b2b74a`}
}

$StoreScope = 'LocalMachine'
$StoreName = 'root'

$Store = New-Object  -TypeName System.Security.Cryptography.X509Certificates.X509Store  -ArgumentList $StoreName, $StoreScope
$Store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$Store.Add($cert)

$Store.Close()

I executed the script but Firefox is still showing the error in question
Firefox Version 56.0.2,

I had to explicitly specify the certificate store when adding the new certificate to make this otherwise nice solution kick in (asp.net core 3.0 + iis express 10.0.18362.1)

netsh http add sslcert ipport=0.0.0.0:44358 certhash=81FF9blablabla22EA appid=``{214124cd-d05b-4309-9af9-9caa44b2b74a``} certstorename=MY

Skipping the certstorename=MY would cause the SSL certificate binding to state "Certificate Store Name: (null)"

it worked for me. thanks a lot.

🙏 Thank you!

Had a legacy project to deal with and tripped over this, problem, your script worked like a charm. Found the gist via https://steffbeckers.eu/blog/iis-express-localhost-ssl-certificate-reset which also has a useful minimum test project at https://github.com/steffbeckers/iis-express-ssl-reset-test