
How to create an SSL certificate for your local IIS website using PowerShell

In order to develop apps using the HTTPS URL on your local machine, you should create SSL certificates. 

SSL works by ensuring that any data transferred between users and websites, or between two systems, is hard (if not impossible) for anyone else to read, as the data might include sensitive information, e.g. names, payment details etc. Please read this article for more details.

Creating a development SSL certificate will stop you from seeing the following error when you visit your local IIS website and potentially save you some headaches in the near future as things get more strict with security.






There are multiple ways to generate an SSL certificate. I prefer to use Windows PowerShell to generate my local certificates, and here is how you can do it:

  • Open up PowerShell and run it as an Administrator
  • Type the following command for your project and hit enter.
New-SelfSignedCertificate -DnsName "YOURPROJECTNAME.localhost" -CertStoreLocation "cert:\LocalMachine\My"




  • This will generate an SSL certificate for you. You can check it by going to your IIS / Server Certificates





  • The next step is to open up "Manage computer certificates" to start using your new certificate in your app.











  • Find your new certificate in Personal/Certificates and copy it.







  • Go to Trusted Root Certification Authorities/Certificates and paste your new certificate here.




  • Now you are ready to use your new SSL certificate for your local IIS app. Go to IIS Manager and add a new website or go to your existing website - make sure your project name is the same as your certificate name.









  • Go to bindings, add your HTTPS binding using port 443, select your new SSL certificate, check "Require Server Name Indication" and save your changes.








  • Finally, visit your local website and make sure all is good. 
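
The same steps as a single script, added here as an example and not part of the original post. It assumes the WebAdministration module is available and that an IIS site named YOURPROJECTNAME already exists (both names are placeholders). It places only the public certificate in the Trusted Root store by going through a .cer file, then reports what was installed.

```powershell
#Requires -RunAsAdministrator
Import-Module WebAdministration

# Assumed placeholders: replace with your own project and IIS site names.
$hostName = 'YOURPROJECTNAME.localhost'
$siteName = 'YOURPROJECTNAME'
$cerPath  = Join-Path $env:TEMP "$hostName.cer"

# 1. Create the certificate; its private key stays in LocalMachine\My.
$cert = New-SelfSignedCertificate -DnsName $hostName `
    -CertStoreLocation 'cert:\LocalMachine\My'

# 2. Trust it: export the public certificate only (.cer holds no private key)
#    and import that file into Trusted Root Certification Authorities.
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
Import-Certificate -FilePath $cerPath `
    -CertStoreLocation 'cert:\LocalMachine\Root' | Out-Null
Remove-Item $cerPath

# 3. Add the HTTPS binding on port 443 with SNI (SslFlags 1) and attach the cert.
New-WebBinding -Name $siteName -Protocol https -Port 443 `
    -HostHeader $hostName -SslFlags 1
$binding = Get-WebBinding -Name $siteName -Protocol https -HostHeader $hostName
$binding.AddSslCertificate($cert.Thumbprint, 'My')

# 4. Verify what was installed.
$rootCopy = Get-ChildItem 'cert:\LocalMachine\Root' |
    Where-Object Thumbprint -eq $cert.Thumbprint
[pscustomobject]@{
    Thumbprint      = $cert.Thumbprint
    Expires         = $cert.NotAfter
    KeyInMyStore    = $cert.HasPrivateKey
    TrustedInRoot   = [bool]$rootCopy
    KeyLinkedInRoot = [bool]($rootCopy.HasPrivateKey)   # expected False for a .cer import
    BindingPresent  = [bool]$binding
}

# 5. Cleanup when the project is retired: drop the trust anchor and the key pair.
# Remove-Item "cert:\LocalMachine\Root\$($cert.Thumbprint)"
# Remove-Item "cert:\LocalMachine\My\$($cert.Thumbprint)" -DeleteKey
```

The certificate in the Root store is a machine-wide trust anchor, so keep it on development machines only and remove it with the commented cleanup lines once it is no longer needed.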





Additional note 10.02.2022:

Today I have learnt from my colleague David B that this approach might create some issues if you are using an old version of Identity Server. 

You can see the problem and solution below - thanks David for your contribution and thanks to my other colleague Lukasz W for helping David to identify and fix the problem. 

Problem: 
Apparently, when you create your certificates using the New-SelfSignedCertificate command that I have shared above, some older versions of Identity Server cannot read keys generated in CNG (Cryptography API: Next Generation) format, as they require the older CAPI style certs.

Solution:
In order to support the older CAPI style while generating your certificates, you should add -KeySpec KeyExchange to the end of your New-SelfSignedCertificate command call.

Before:
New-SelfSignedCertificate -DnsName "YOURPROJECTNAME.localhost" -CertStoreLocation "cert:\LocalMachine\My"

After:
New-SelfSignedCertificate -DnsName "YOURPROJECTNAME.localhost" -CertStoreLocation "cert:\LocalMachine\My" -KeySpec KeyExchange
