Creating a self-signed SSL Certificate for Localhost Testing

If you have ever tried to integrate your web application with a third-party payment service such as PayPal, chances are you have come across an error similar to the one below, particularly if you don’t have a signed certificate pinned in your application:


The problem here is that many payment services require you to transmit data over a secure channel, and for that to happen you need an SSL certificate. You can click here to find out more about SSL certificates and why we need them to establish secure connections. For this post I will only focus on solving the problem of creating a self-signed SSL certificate for local testing purposes. I would advise that you only create and use self-signed certificates for testing and not for any production environment; rather be safe and purchase a certificate for your production environment.

Popular way of solving this problem:

Though there are many ways of solving this problem, by far the simplest I have come across is to enable SSL in your IDE. In my case, I am using Visual Studio 2015. I’m not sure if other IDEs have a similar feature to enable SSL, but if not, do not worry: I will mention other methods you can use to create a self-signed certificate. For now let’s enable SSL in Visual Studio:

  1. Open Solution Explorer in Visual Studio.
  2. Click on your project and press F4.
  3. Under Development Server, make sure you set SSL Enabled to True. (This will generate an SSL URL for your application.)
  4. Copy the SSL URL.
  5. Right-click on your project and select Properties.
  6. Under Web, paste the SSL URL in the Project Url text field and save.


Now if you test your application again and it works, then kudos to you! It could be that you are using an outdated browser, though. The new version of Chrome (version 58) does not support matching SSL certificates on the Common Name (CN) when the Subject Alternative Name (SAN) is not available, so implementing the above will most probably not solve the problem for most people. However, the SSL URL created above will be important as we create our own self-signed certificate, so implementing the above is not a complete waste of time.

One really simple way to create a certificate is to use PowerShell. PowerShell has simple commands such as ‘New-SelfSignedCertificate’, which generates a new self-signed certificate. Unfortunately for me, I will not be able to post any images using PowerShell, as I am running PowerShell version 1, which does not support the modern command New-SelfSignedCertificate; that feature is available from PowerShell version 4. There are other, messier ways we can do this with PowerShell version 1, but I’d rather not get into that.

If you are facing similar constraints as I did then you can use the following steps to solve the problem:

  1. Download and open Jexus Manager (Jexus Manager is the management console designed for Jexus web server. It can also manage IIS Express and local IIS instances.)
  2. Once open, click on IIS Express and select Server Certificates.
  3. On the right pane, click on ‘Create Self-Signed Certificate’.
  4. From here, you can specify the friendly name and custom common name for the certificate.
  5. Right-click on the newly created certificate and select View. A pop-up should appear, and you should click on ‘Install Certificate’.
  6. Confirm the installation and take note of the certificate thumbprint.
  7. Now all that’s left for you to do is to bind the newly created certificate thumbprint to your application GUID or Application ID using the command window. Open the command window in administrator mode and input the following commands. Remember to use your own thumbprint and application id.
  8. In the command window, first remove the previous port mapping from IIS Express by running the following command:
     netsh http delete sslcert ipport=
  9. Bind the certificate thumbprint and your application port together with your application id:
     netsh http add sslcert ipport= certhash=325538FC3A76D556E02F5649D2F165CDB8B35FC6 appid={127e0192-a164-48fd-b7ab-3e6637741ae0}

That’s it, that should solve the secure connection error. Remember to use your own details, and also note that this certificate is not suited for production use, only for localhost testing.
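For machines where New-SelfSignedCertificate is available, the same result can be scripted. The following is an added example, not code from the original post: it creates a localhost certificate with a SAN entry (the Chrome 58 requirement mentioned above), checks that the SAN is really there, trusts the certificate on the local machine, and rebinds the port with netsh. The port 44300 and the temporary file name are assumptions; the application id is the sample value from step 9 and should be replaced with your own.

```powershell
#Requires -RunAsAdministrator
# Assumed values (not from the post): adjust them to your project.
$ipPort = '0.0.0.0:44300'                          # assumed SSL port of the project
$appId  = '127e0192-a164-48fd-b7ab-3e6637741ae0'   # sample app id from step 9; use your own

# -DnsName fills the Subject Alternative Name extension, which Chrome 58+ matches on.
$cert = New-SelfSignedCertificate -DnsName 'localhost' -CertStoreLocation 'Cert:\LocalMachine\My'

# Verify the SAN extension (OID 2.5.29.17) before binding anything to the port.
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if (-not $san -or $san.Format($false) -notmatch 'localhost') {
    throw "Certificate $($cert.Thumbprint) has no SAN entry for localhost"
}

# Trust it on this development machine only: copy the public part
# (no private key) into the Trusted Root store.
$cer = Join-Path $env:TEMP 'localhost-dev.cer'     # assumed temporary file name
Export-Certificate -Cert $cert -FilePath $cer | Out-Null
Import-Certificate -FilePath $cer -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null
Remove-Item $cer

# Steps 8 and 9: drop any previous binding (a failure here just means
# there was none), then bind the new thumbprint to the port.
& netsh http delete sslcert "ipport=$ipPort" | Out-Null
& netsh http add sslcert "ipport=$ipPort" "certhash=$($cert.Thumbprint)" "appid={$appId}"
if ($LASTEXITCODE -ne 0) {
    throw "netsh http add sslcert failed with exit code $LASTEXITCODE"
}

# Show the resulting binding so the thumbprint can be compared by eye.
& netsh http show sslcert "ipport=$ipPort"
```

When testing is finished, delete the certificate from both stores so that a trusted root whose private key sits on the workstation does not linger.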

