
Creating a Developer Certificate for IIS, and having it trusted by the computer, not just you.

 

There are a few different ways to do this, but for me, with a Blazor Server application and backend API, this seemed to work the best.

Step 1 - Create Certificate 


It's fairly well documented, but there are a few things to note:
- Change Subject and DnsName to your preferred name
- Note the certificate store location, in your personal store
- Note the hard-coded password YourSecurePassword
- I don't know what the TextExtension field does, need to research that
- Note that the created cer file is deleted at the last step 

However, this process didn't get me in a position where the server itself trusted the certificate, which is what I needed for Blazor, see Step 2 below.

# set up certificate properties, including the DNS name (written to the subject alternative name) that Chrome 58+ requires
$certificate = New-SelfSignedCertificate `
    -Subject localhost `
    -DnsName localhost `
    -KeyAlgorithm RSA `
    -KeyLength 2048 `
    -NotBefore (Get-Date) `
    -NotAfter (Get-Date).AddYears(2) `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -FriendlyName "Localhost Certificate for .NET Core" `
    -HashAlgorithm SHA256 `
    -KeyUsage DigitalSignature, KeyEncipherment, DataEncipherment `
    -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1")
# 2.5.29.37 is the Enhanced Key Usage extension; 1.3.6.1.5.5.7.3.1 is the Server Authentication usage
$certificatePath = 'Cert:\CurrentUser\My\' + ($certificate.Thumbprint)

# create temporary certificate path
$tmpPath = "C:\tmp"
if (!(Test-Path $tmpPath))
{
    New-Item -ItemType Directory -Force -Path $tmpPath
}

# set certificate password here
$pfxPassword = ConvertTo-SecureString -String "YourSecurePassword" -Force -AsPlainText
$pfxFilePath = Join-Path $tmpPath "localhost.pfx"
$cerFilePath = Join-Path $tmpPath "localhost.cer"

# create pfx certificate
Export-PfxCertificate -Cert $certificatePath -FilePath $pfxFilePath -Password $pfxPassword
Export-Certificate -Cert $certificatePath -FilePath $cerFilePath

# import the pfx certificate
Import-PfxCertificate -FilePath $pfxFilePath Cert:\LocalMachine\My -Password $pfxPassword -Exportable

# trust the certificate by importing the exported .cer (public key only) into the current user's trusted root
Import-Certificate -FilePath $cerFilePath -CertStoreLocation Cert:\CurrentUser\Root

# optionally delete the physical certificates (don’t delete the pfx file as you need to copy this to your app directory)
# Remove-Item $pfxFilePath
Remove-Item $cerFilePath

Step 2 - Get the Server to trust the certificate 

To get the server to trust the certificate, I used information from Robert McMurray - How to trust the IIS Express Self-Signed Certificate, namely the part under "Resolution Number #2 - Configure your computer to trust the IIS Express Certificate"

Using the steps below may allow other options for creating certificates in Step 1.

Steps are: 

  • Open the computer's Certificates MMC. There are a number of different ways to get there: Control Panel, Admin Tools; Manage Computer Certificates works
  • The trick here is that you're going to the computer account, local computer certificates.
  • Export the certificate created in Step 1; depending on how you created it, it may be in Personal or Web Hosting
    • Only need to export the public key - no private key export needed
    • Export as DER X.509
  • Once exported, import it back in under "Trusted Root Certification Authorities"

That's it, you should be good.
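
The MMC steps in Step 2 can also be scripted. This is an added example, not part of the original post: it assumes an elevated PowerShell session and that the Step 1 certificate has the subject CN=localhost in the Local Machine Personal store; the export file name is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the Step 2 MMC export/import.

$subject = 'CN=localhost'   # assumption: matches -Subject used in Step 1
$derPath = Join-Path $env:TEMP 'localhost-public.cer'   # hypothetical file name

# Look in the computer account's Personal store, not the current user's.
# If several certificates share the subject, take the most recently issued one.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $subject -and $_.HasPrivateKey } |
    Sort-Object NotBefore -Descending |
    Select-Object -First 1
if (-not $cert) {
    throw "No certificate with subject $subject found in LocalMachine\My"
}

# Export the public certificate only, DER-encoded X.509 (no private key leaves the store)
Export-Certificate -Cert $cert -FilePath $derPath -Type CERT | Out-Null

# Import it into the computer's Trusted Root Certification Authorities store
Import-Certificate -FilePath $derPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
Remove-Item $derPath

# Check the result: the thumbprint is in the machine root store and the
# certificate validates for SSL against the DNS name, in the machine context
$inRoot = Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
$valid  = Test-Certificate -Cert $cert -Policy SSL -DNSName 'localhost'

[pscustomobject]@{
    Thumbprint       = $cert.Thumbprint
    NotAfter         = $cert.NotAfter
    InMachineRoot    = $inRoot
    ChainValidForSsl = $valid
}

# To undo the trust later (for example when the certificate is replaced):
# Remove-Item "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
```

Because the certificate is self-signed, trusting it machine-wide means any process holding its private key (including the exported pfx from Step 1) can present a certificate this computer accepts for localhost, so keep the pfx and its password out of shared locations.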
