Creating a self-signed SSL Certificate for Localhost Testing

If you have ever tried to integrate your web application with a third party payment service such as PayPal, chances are you would have come across an error similar to this one below, particularly if you don’t have a signed certificate pinned in your application:

[Screenshot: secure connection error]

The problem here is that many payment services require you to transmit data over a secure channel, and for that to happen you will need an SSL certificate.  You can click here to find out more about SSL certificates and why we need them to establish secure connections.  For this post I will only focus on solving the problem of creating a self-signed SSL certificate for localhost testing.  I would advise that you only create and use self-signed certificates for localhost testing and not for any production environment; rather be safe and purchase a certificate for the production environment.

Let’s look at a popular way of solving this problem:

There are many ways of solving this problem; by far the simplest I have seen is to enable SSL in Visual Studio.  This is done simply by:

  1. Click on Solution Explorer in Visual Studio.
  2. Click on your project and press F4.
  3. Under Development Server, make sure you set SSL Enabled to True.  (This will generate an SSL URL for your application.)
  4. Copy the SSL URL.
  5. Right-click on your project and select Properties.
  6. Under Web, paste the SSL URL in the Project Url text field and save.


Now if you test your application again and it works, then kudos to you!  It could be that you are using an outdated browser.  The new version of Chrome (version 58) does not support matching SSL certificates on the Common Name (CN) when no Subject Alternative Name (SAN) is available, so implementing the above will most probably not solve the problem for most people. However, the SSL URL created above will be important when we create our own self-signed certificate, so implementing the above is not a complete waste of time.

Another simple way to create a certificate is to use PowerShell.  PowerShell has really simple commands such as ‘New-SelfSignedCertificate’ for generating new self-signed certificates.  Unfortunately for me, I am running PowerShell version 1, which does not support the modern command New-SelfSignedCertificate for creating SSL certificates; that feature is available from PowerShell version 4.  There are other messier ways we can do this with PowerShell 1, but I’d rather not get into that.

If you are facing constraints similar to mine, you can use the following steps to solve the problem:

  1. Download and open Jexus Manager. (Jexus Manager is the management console designed for Jexus web server. It can also manage IIS Express and local IIS instances.)
  2. Once it is open, click on IIS Express and select Server Certificates.
  3. On the right pane, click on ‘Create Self-Signed Certificate’.
  4. From here, you can specify the friendly name and custom common name for the certificate.
  5. Right-click on the newly created certificate and select View. A pop-up should appear, and you should click on ‘Install Certificate’.
  6. Confirm the installation and take note of the certificate thumbprint.
  7. Now all that’s left for you to do is to bind the newly created certificate thumbprint to your application GUID or Application ID using the command window. Open the command window in administrator mode and enter the commands in the next two steps.  Remember to use your own thumbprint and application ID.
  8. In the command window, first remove the previous port mapping from IIS Express by running the following command:

       netsh http delete sslcert ipport=0.0.0.0:44378

  9. Bind the certificate thumbprint and your application port together with your application ID:

       netsh http add sslcert ipport=0.0.0.0:44378 certhash=325538FC3A76D556E02F5649D2F165CDB8B35FC6 appid={127e0192-a164-48fd-b7ab-3e6637741ae0}

That’s it; that should solve the secure connection error.  Remember to use your own details, and also note that this certificate is not suited for production use, only for localhost testing.
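
To confirm the binding took effect and that the bound certificate carries a SAN entry (the Chrome 58 requirement mentioned earlier), a check like the following can be run from the same administrator prompt. This is an added example, not part of the original post; it assumes English-language netsh and certificate output and that the certificate sits in the LocalMachine\My store (the netsh default), and the function names are hypothetical.

```powershell
# Added example: inspect the certificate bound to an IIS Express HTTPS port.
# Assumptions: English netsh/certificate output; certificate in LocalMachine\My.
$ipPort  = '0.0.0.0:44378'   # port used in the post; replace with your own
$dnsName = 'localhost'

function Get-BoundThumbprint([string[]]$NetshOutput) {
    # Pull the "Certificate Hash" value out of `netsh http show sslcert` output.
    foreach ($line in $NetshOutput) {
        if ($line -match 'Certificate Hash\s*:\s*([0-9A-Fa-f]{40})') {
            return $matches[1].ToUpper()
        }
    }
    return $null
}

function Test-SanContains($Cert, [string]$Name) {
    # OID 2.5.29.17 is the Subject Alternative Name extension.
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $san) { return $false }
    # Format() renders entries such as "DNS Name=localhost".
    return ($san.Format($false) -split ',\s*') -contains "DNS Name=$Name"
}

$thumb = Get-BoundThumbprint (netsh http show sslcert ipport=$ipPort)
if (-not $thumb) { Write-Warning "No SSL binding found for $ipPort"; return }

$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumb }
if (-not $cert) {
    Write-Warning "Bound thumbprint $thumb is not in LocalMachine\My"
    return
}

"Bound certificate : $($cert.Subject) [$thumb]"
"Expires           : $($cert.NotAfter)"
if (Test-SanContains $cert $dnsName) {
    "SAN               : contains DNS Name=$dnsName"
} else {
    Write-Warning "No SAN entry for $dnsName; browsers that ignore the CN will reject this certificate."
}
```

The `-split` operator needs PowerShell 2 or later; everything else uses the built-in certificate provider and netsh.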
