Last active
May 22, 2024 09:08
-
-
Save camieleggermont/5b2971a96e80a658863106b21c479988 to your computer and use it in GitHub Desktop.
This powershell script generates a new certificate, removes the old certificate assignments from the IISExpress ssl ports and adds the newly generated one. The certificate is also copied over to the Trusted Root Certificate Authorities.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$cert = New-SelfSignedCertificate -DnsName "localhost", "localhost" -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(5) | |
$thumb = $cert.GetCertHashString() | |
For ($i=44300; $i -le 44399; $i++) { | |
netsh http delete sslcert ipport=0.0.0.0:$i | |
} | |
For ($i=44300; $i -le 44399; $i++) { | |
netsh http add sslcert ipport=0.0.0.0:$i certhash=$thumb appid=`{214124cd-d05b-4309-9af9-9caa44b2b74a`} | |
} | |
$StoreScope = 'LocalMachine' | |
$StoreName = 'root' | |
$Store = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $StoreName, $StoreScope | |
$Store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite) | |
$Store.Add($cert) | |
$Store.Close() |
it worked for me. thanks a lot.
🙏 Thank you!
Had a legacy project to deal with and tripped over this, problem, your script worked like a charm. Found the gist via https://steffbeckers.eu/blog/iis-express-localhost-ssl-certificate-reset which also has a useful minimum test project at https://github.com/steffbeckers/iis-express-ssl-reset-test
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I had to explicitly specify the certificate store when adding the new certificate to make this otherwise nice solution kick in (asp.net core 3.0 + iis express 10.0.18362.1)
netsh http add sslcert ipport=0.0.0.0:44358 certhash=81FF9blablabla22EA appid=``{214124cd-d05b-4309-9af9-9caa44b2b74a``} certstorename=MY
Skipping the certstorename=MY would cause the SSL certificate binding to state "Certificate Store Name: (null)"