How can I create a self-signed cert for localhost

Question

I ve gone through the steps detailed in How do you use https   SSL on localhost  but this sets up a self-signed cert for my machine name  and when browsing it via https   localhost I receive the IE warning   Is there a way to create a self-signed cert for  localhost  to avoid this warning

User · Answer

In a LAN  Local Area Network  we have a server computer  here named xhost running Windows 10  IIS is activated as WebServer  We must access this computer via Browser like Google Chrome not only from localhost through https   localhost  from server itsself  but also from other hosts in the LAN with URL https   xhost     https   localhost  https   xhost  https   xhost local       With this manner of accessing  we have not a fully-qualified domain name  but only local computer name xhost here  Or from WAN   https   dev example org       You shall replace xhost by your real local computer name  None of above solutions may satisfy us  After days of try  we have adopted the solution openssl exe  We use 2 certificates - a CA  self certified Authority certificate  RootCA crt and xhost crt certified by the former  We use PowerShell  1  Create and change to a safe directory  cd C  users so crt 2  Generate  RootCA pem   RootCA key   amp   RootCA crt as self-certified Certification Authority   openssl req -x509 -nodes -new -sha256 -days 10240 -newkey rsa 2048 -keyout RootCA key -out RootCA pem -subj   C ZA CN RootCA-CA  openssl x509 -outform pem -in RootCA pem -out RootCA crt  3  make request for certification  xhost key  xhost csr  C  Country ST  State L  locality  city  O  Organization Name Organization Unit CN  Common Name         openssl req -new -nodes -newkey rsa 2048 -keyout xhost key -out xhost csr -subj   C ZA ST FREE STATE L Golden Gate Highlands National Park O WWF4ME OU xhost home CN xhost local   4  get xhost crt certified by RootCA pem   openssl x509 -req -sha256 -days 1024 -in xhost csr -CA RootCA pem -CAkey RootCA key -CAcreateserial -extfile domains ext -out xhost crt  with extfile domains ext file defining many secured ways of accessing the server website  authorityKeyIdentifier keyid issuer basicConstraints CA FALSE keyUsage   digitalSignature  nonRepudiation  keyEncipherment  dataEncipherment subjectAltName    alt names  alt names  DNS 1   localhost DNS 2   xhost DNS 3   xhost local DNS 4   dev example org DNS 5   192 168 1 2  5  Make xhost pfx PKCS  12  combinig both private xhost key and certificate xhost crt  permitting to import into iis  This step asks for password  please let it empty by pressing  RETURN  key  without password    openssl pkcs12 -export -out xhost pfx -inkey xhost key -in xhost crt  6  import xhost pfx in iis10 installed in xhost computer  here localhost   and Restart IIS service  IIS10 Gestionnaire des services Internet  IIS    windir  system32 inetsrv InetMgr exe     7  Bind ssl with xhost local certificate on port 443   Restart IIS Service  8  Import RootCA crt into Trusted Root Certification Authorities via Google Chrome in any computer that will access the website https   xhost    Google Chrome     Settings   Advanced  Privacy and Security Security Manage certificates Import RootCA crt  The browser will show this valid certificate tree   RootCA-CA          xhost local   No Certificate Error will appear through LAN  even through WAN by https   dev example org   Here is the whole Powershell Script socrt ps1 file to generate all required certificate files from the naught       Generate      RootCA pem   RootCA key  RootCA crt       xhost key xhost csr xhost crt     xhost pfx     created  15-EEC-2020   modified 15-DEC-2020       change to a safe directory     cd C  users so crt      Generate  RootCA pem   RootCA key     RootCA crt as Certification Authority    openssl req -x509 -nodes -new -sha256 -days 10240 -newkey rsa 2048 -keyout RootCA key -out RootCA pem -subj   C ZA CN RootCA-CA  openssl x509 -outform pem -in RootCA pem -out RootCA crt      get RootCA pfx  permitting to import into iis10  not required     openssl pkcs12 -export -out RootCA pfx -inkey RootCA key -in RootCA crt      get xhost key xhost csr      C  Country     ST  State     L  locality  city      O  Organization Name     OU  Organization Unit     CN  Common Name   openssl req -new -nodes -newkey rsa 2048 -keyout xhost key -out xhost csr -subj   C ZA ST FREE STATE L Golden Gate Highlands National Park O WWF4ME OU xhost home CN xhost local       get xhost crt certified by RootCA pem    to show content      openssl x509 -in xhost crt -noout -text   openssl x509 -req -sha256 -days 1024 -in xhost csr -CA RootCA pem -CAkey RootCA key -CAcreateserial -extfile domains ext -out xhost crt      get xhost pfx  permitting to import into iis    openssl pkcs12 -export -out xhost pfx -inkey xhost key -in xhost crt      import xhost pfx in iis10 installed in xhost computer  here localhost      To install openSSL for Windows  please visit https   slproweb com products Win32OpenSSL html

User · Answer

Since this question is tagged with IIS and I can t find a good answer on how to get a trusted certificate I will give my 2 cents about it   First use the command from  AuriRahimzadeh in PowerShell as administrator   New-SelfSignedCertificate -DnsName  localhost  -CertStoreLocation  cert  LocalMachine My    This is good but the certificate is not trusted and will result in the following error  It is because it is not installed in Trusted Root Certification Authorities     Solve this by starting mmc exe   Then go to   File -  Add or Remove Snap-ins -  Certificates -  Add -  Computer account -  Local computer  Click Finish   Expand the Personal folder and you will see your localhost certificate     Copy the certificate into Trusted Root Certification Authorities - Certificates folder   The final step is to open Internet Information Services  IIS  Manager or simply inetmgr exe  From there go to your site  select Bindings    and Add    or Edit     Set https and select your certificate from the drop down     Your certificate is now trusted

User · Answer

If you are trying to create a self signed certificate that lets you go http   localhost mysite Then here is a way to create it   makecert -r -n  CN localhost  -b 01 01 2000 -e 01 01 2099 -eku 1 3 6 1 5 5 7 3 1 -sv localhost pvk localhost cer cert2spc localhost cer localhost spc pvk2pfx -pvk localhost pvk -spc localhost spc -pfx localhost pfx   From http   social msdn microsoft com Forums en-US wcf thread 32bc5a61-1f7b-4545-a514-a11652f11200

User · Answer

Yes and no   Self signed certificates result in that warning message because the certificate was not signed by a trusted Certificate Authority   There are a few options that you can consider to remove this warning on your local machine   See the highest ranked answers to this question for details   What do I need to do to get Internet Explorer 8 to accept a self signed certificate   Hope this helps     EDIT   Sorry  I wasn t initially aware that you were constrained to localhost   You can attempt to follow the directions on the the link below to  Generate a Self Signed Certificate with the Correct Common Name    http   www sslshopper com article-how-to-create-a-self-signed-certificate-in-iis-7 html

User · Answer

Although this post is post is tagged for Windows  it is relevant question on OS X that I have not seen answers for elsewhere  Here are steps to create a self-signed cert for localhost on OS X     Use  localhost  for the  Common name  openssl req -x509 -sha256 -nodes -newkey rsa 2048 -days 365 -keyout localhost key -out localhost crt    Add the cert to your keychain open localhost crt   In Keychain Access  double-click on this new localhost cert  Expand the arrow next to  Trust  and choose to  Always trust   Chrome and Safari should now trust this cert  For example  if you want to use this cert with node js   var options         key  fs readFileSync   path to localhost key   toString        cert  fs readFileSync   path to localhost crt   toString        ciphers   ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES256-SHA384       honorCipherOrder  true      secureProtocol   TLSv1 2 method      var server   require  https   createServer options  app

User · Answer

You can use PowerShell to generate a self-signed certificate with the new-selfsignedcertificate cmdlet   New-SelfSignedCertificate -DnsName  localhost  -CertStoreLocation  cert  LocalMachine My    Note  makecert exe is deprecated   Cmdlet Reference  https   technet microsoft com itpro powershell windows pkiclient new-selfsignedcertificate

User · Answer

I would recomment Pluralsight s tool for creating self-signed-certs  http   blog pluralsight com selfcert-create-a-self-signed-certificate-interactively-gui-or-programmatically-in-net   Make your cert as a  pfx and import it into IIS  And add it as a trusted root cert authority

User · Answer

After spending a good amount of time on this issue I found whenever I followed suggestions of using IIS to make a self signed certificate  I found that the Issued To and Issued by was not correct  SelfSSL exe was the key to solving this problem  The following website not only provided a step by step approach to making self signed certificates  but also solved the Issued To and Issued by problem  Here is the best solution I found for making self signed certificates  If you d prefer to see the same tutorial in video form click here   A sample use of SelfSSL would look something like the following   SelfSSL  N CN YourWebsite com  V 1000  S 2  SelfSSL    will provide a list of parameters with explanation

User · Answer

you could try mkcert   macos  brew install mkcert

User · Answer

If you are using Visual Studio  there is an easy way to setup and enable SSL using IIS Express explained here

[iis] How can I create a self-signed cert for localhost?

1. Create and change to a safe directory:

2. Generate RootCA.pem, RootCA.key & RootCA.crt as self-certified Certification Authority:

3. make request for certification: xhost.key, xhost.csr:

4. get xhost.crt certified by RootCA.pem:

5. Make xhost.pfx PKCS #12,

6. import xhost.pfx in iis10

7. Bind ssl with xhost.local certificate on port 443.

8. Import RootCA.crt into Trusted Root Certification Authorities

Examples related to iis

Examples related to windows-7

Examples related to ssl-certificate