Altijd in beweging...

Technische ontwikkeling staat nooit stil

Create a certificate for local development

July 5, 2019
  • Git
  • tools

Every site should run under HTTPS nowadays so it makes sense to run my local site under HTTPS as well. Creating a self-signed certificate is pretty easy with PowerShell.

Certificate for 1 domain

$ErrorActionPreference = 'Stop'
#Requires -RunAsAdministrator

$DnsName="demosite.local"
New-SelfSignedCertificate -DnsName $DnsName -CertStoreLocation cert:\LocalMachine\My

Certificate for multiple domains

With this PowerShell command the name of the certificate will be the first domain (ie. demosite1.local), but when you look at the details of the certificate in MMC you can see that the Subject Alternative Name (SAN) shows both domains.

$ErrorActionPreference = 'Stop'
#Requires -RunAsAdministrator

$DnsName = "demosite1.local","demosite2.local"
New-SelfSignedCertificate -DnsName $DnsName -CertStoreLocation cert:\LocalMachine\My

There are more options to configure for the New-SelfSignedCertificate command but for a simple setup the above works for me.

Make certificate trusted

The created certificate won't be seen as valid because we issued it ourself and only certificates issued by trusted authorities are viewed as valid. We aren't in the trusted authorities group. To solve this easily I copy the certificate from Personal to Trusted Root Certification Authorities so we get marked as trusted. This is because the issuer of the created certificate is the same as the certificate and after copying it to the Trusted Root Certification Authorities the issuer is trusted.

There are ways to create a (local) trusted authority first and create a certificate with this authority as issuer so you can skip the step explained here. That would be more ideal but for my current local projects, the above method works just as well.

Microsoft Management Console (MMC)

To manage the certificates you can use Microsoft Management Console. Go to Microsoft for more information.

As a shortcut you can also go directly to the certificates of the local computer by running certlm.msc .