How to create self signed certificate for IIS using PowerShell

Local development for ASP.NET websites over https protocol is much easy with IIS Express development certificate, which is pre-installed with IIS on Windows 8. But anyway when web application runs first time in any browsers, a message similar to the following appear

Your connection is not private

Attackers might be trying to steal your information from app.invoiceify.pvt (for example, passwords, messages, or credit cards).

In this post you will learn how to create self signed certificate for IIS using PowerShell.

The message appeared because IIS Development certificate issues to localhost and usually works fine if you developing for https://localhost/MyApp but in most cases ASP.NET developers use new website with name similar to production url, for example www.mysite.pvt and modify hosts file in order to point this name to local machine.

Your connection is not private

Fortunately on Windows 8.1 and Windows Server 2012 we can create self signed certificates with DNS name different from localhost. In order to do it, we need to use PowerShell command New-SelfSignedCertificateIn my case I have a website which hosted on the following address: https:\\app.invoiceify.pvtand my PowerShell command will look like this:

New-SelfSignedCertificate -DnsName app.invoiceify.pvt -CertStoreLocation cert:\LocalMachine\My

PowerShell create self signed certificate with domain name

You can also use wildcards in domain name, for example instead of app.invoiceify.pvt you can use *.invoiceify.pvt and all subdomains will use the same certificate.

Now we need to choose our new created certificate in IIS

Choose certificate in IIS

If you try to open your website now, the message which will be displayed a little bit different, not it tells then certificate is not trusted. Let's add this certificate to Trusted Root Certification Authorities First we need to export certificate, press Win+R keyboard shortcut and type mmc


Go to File -> Add-remove Snap-ins


and choose "Computer account" -> "Local computer" Our certificate is located under "Personal" certificates, right click and "Export certificate"


In the export wizard you can leave all options by default, and you don't need to export private keys. As a result you will get *.cer file. Now we need to Import this file into "Trusted root certification authorities" location


You can leave all import settings by default and after it's done you have to close and open your browser in order to changes take effect.



Social media


Latest Tweets