One of the most common tasks that developers face is to mimic production environments locally. When it comes to running your local app securely, most developers either just run regular “http” or create a self-signed certificate.
In this tutorial, I’m going to show you how to secure your local environment for development so you can run your application via HTTPS with no security warnings. We will use the tool makecert.exe to create a root x.509 certificate and then use that to sign our SSL certificates. You can download this tool here.
What you’ll need.
- makecert.exe The makecert tool is used to create a root x.509 certificate. - pvk2pfx.exe Pvk2Pfx copies the public and private key information contained in .spc, .cer and .pvk files into the personal information exchange file (.pfx).
Setting up your environment
We’ll begin by setting up our local environment. Create an ASP.NET web application as shown below. Modify your hosts file found here c:\Windows\System32\drivers\etc\ so you can map dev.local to localhost or 127.0.0.1.
- 127.0.0.1 dev.local
Create your Root Certificate
First, use the makecert tool to create a root certificate. There are numerous parameters you can use when generating this certificate but the most important ones are outlined in the code below. This certificate is important for a number of reasons. The certificate created will have a private key which we will use to create our SSL certificate.
makecert.exe -r // self signed -n "CN=DevelopmentRoot" // name -pe // exportable -sv DevelopmentRoot.pvk // name of private key file -a sha1 // hashing algorithm -len 2048 // key length -b 01/21/2010 // valid from -e 01/21/2030 // valid to -cy authority // certificate type DevelopmentRoot.cer // name of certificate file
--pvk2pfx copies public key and private key information in .cer & .pvk file to a personal information exchange pvk2pfx.exe -pvk DevelopmentRoot.pvk // Specifies the name of a .pvk file -spc DevelopmentRoot.cer // Specifies the name and extension of the Software Publisher Certificate (SPC) file that contains the certificate -pfx DevelopmentRoot.pfx // Specifies the name of a .pfx file.
Use the Root Certificate to Create Self-Signed Certificate
makecert.exe -iv DevelopmentRoot.pvk // file name of root priv key -ic DevelopmentRoot.cer // file name of root cert -n "CN=dev.local" // name -pe // mark as exportable -sv dev.local.pvk // name of private key file -a sha1 // hashing algorithm -len 2048 // key length -b 01/21/2010 // valid from -e 01/21/2020 // valid to -sky exchange // certificate type dev.local.cer //name of certificate file -eku 18.104.22.168.22.214.171.124.1 // extended key usuage --pvk2pfx copies public key and private key information in .cer & .pvk file to a personal information exchange - pvk2pfx.exe -pvk dev.local.pvk // Specifies the name of a .pvk file -spc dev.local.cer // Specifies the name and extension of the Software Publisher Certificate (SPC) file that contains the certificate -pfx dev.local.pfx // Specifies the name of a .pfx file.
Install Certificates onto computer
Run the following command at the command prompt
In the dialog box that appears select to add a snap-in and following the prompts to select Certificates.
Right click on certificates under the Trusted Root Certificate Authorities and select the import tasks.
Navigate to where your certificates were created and choose the Development.cer file. Walk through the other steps and click finish.
Now it’s time to install the dev.local certificate on your machine.
Go back to the managment console and select personal -> certificates. Right click on certificates and select import under all tasks.
Next, follow the wizard and select the dev.local.pfx certificate.
At this point, we’re ready to associate the certificate with the site in IIS.