The winpty command requires Git Bash for Windows.
1. Create the Private Key for the Root Certificate
mkdir my-certs
cd my-certs
winpty openssl genrsa -out myCA.key 2048
2. Create the Root Certificate (CA)
winpty openssl req -new -x509 \
-key myCA.key -sha256 -days 18000 \
-out myCA.cert.pem \
-subj "//C=US\ST=NY\L=NY\O=None\CN=Localhost Root Certificate"
3. Verify the Root Certificate
winpty openssl x509 -noout -text -in myCA.cert.pem
4. Create the Private Key for the SSL Certificate
winpty openssl genrsa -out local-web.key 2048
5. Create the Certificate Signing Request (CSR)
winpty openssl req -new -sha256 \
-key local-web.key \
-out local-web.csr \
-subj "//C=US\ST=NY\L=NY\O=None\CN=localhost"
6. Create the Certificate Signed by the CA
Save the following to a file named v3.txt...
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = localhost.com
DNS.3 = dev.localhost.com
...and run this
winpty openssl x509 -req \
-in local-web.csr \
-CA myCA.cert.pem \
-CAkey myCA.key \
-CAcreateserial \
-days 18000 -sha256 \
-extfile v3.txt \
-out local-web.crt
7. Create the PFX file
winpty openssl pkcs12 -export \
-in local-web.crt \
-inkey local-web.key \
-out local-web.pfx
8. Import the myCA.cert.pem file (root certificate) into the "Trusted Root Certification Authorities" certificate store.
9. Import the local-web.pfx file into IIS and bind the certificate to the website. I bound it to the Default Web Site: https://localhost
10. Optional. Add the following mappings to the hosts file in C:\Windows\System32\drivers\etc
127.0.0.1 localhost
127.0.0.1 localhost.com
127.0.0.1 dev.localhost.com
The following URLs will now work over HTTPS:
- https://localhost
- https://localhost.com
- https://dev.localhost.com
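
A check for the certificate produced in step 6, added here as an example and not part of the original page: it confirms that the leaf chains to the root and that every name from v3.txt appears in subjectAltName, and it shows that a certificate signed without -extfile still chains but carries no SAN. The function names check_leaf and demo are hypothetical, the demo certificates are constructed throwaway files, and openssl is assumed to be on PATH (run non-interactively, so winpty is not used).

```shell
#!/usr/bin/env bash
# check_leaf CA_PEM LEAF_CRT HOST...
# Returns 0 only if the leaf chains to the CA and has a DNS SAN for every HOST
# (exact match; wildcard entries are not expanded).
check_leaf() {
  local ca="$1" leaf="$2" host sans; shift 2
  openssl verify -CAfile "$ca" "$leaf" >/dev/null 2>&1 \
    || { echo "FAIL: does not chain to $ca"; return 1; }
  # In -text output the SAN values sit on the line after the extension name.
  sans=$(openssl x509 -noout -text -in "$leaf" \
         | grep -A1 'Subject Alternative Name' | tail -n1 | tr -d ' ')
  for host in "$@"; do
    case ",$sans," in
      *",DNS:$host,"*) ;;
      *) echo "FAIL: no SAN entry for $host"; return 1 ;;
    esac
  done
  echo "OK"
}

# demo: constructed throwaway CA plus two leaves in a temp directory, one signed
# with the page's v3.txt extensions and one signed without -extfile.
# Prints the directory name on success.
demo() {
  local d p=/
  d=$(mktemp -d) || return 1
  case "$(uname -s)" in MINGW*|MSYS*) p=// ;; esac  # Git Bash rewrites a leading "/"
  (
    cd "$d" &&
    printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' 'basicConstraints=CA:FALSE' \
      'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
      'subjectAltName = @alt_names' '[alt_names]' 'DNS.1 = localhost' \
      'DNS.2 = localhost.com' 'DNS.3 = dev.localhost.com' > v3.txt &&
    openssl genrsa -out ca.key 2048 &&
    openssl req -new -x509 -key ca.key -sha256 -days 2 -out ca.pem \
      -subj "${p}CN=Constructed Demo Root" &&
    openssl genrsa -out leaf.key 2048 &&
    openssl req -new -sha256 -key leaf.key -out leaf.csr -subj "${p}CN=localhost" &&
    openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
      -days 2 -sha256 -extfile v3.txt -out good.crt &&
    openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
      -days 2 -sha256 -out nosan.crt
  ) >/dev/null 2>&1 || return 1
  echo "$d"
}
# Against the page's files:
#   check_leaf myCA.cert.pem local-web.crt localhost localhost.com dev.localhost.com
```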