Windows 10 Self-Signed Certificate


In Windows 10, it is pretty easy to create a self-signed SSL certificate. Open an administrative PowerShell and execute the following:

New-SelfSignedCertificate -DnsName localhost -CertStoreLocation "cert:\LocalMachine\My"

This will generate a certificate for localhost. You could change localhost to be any domain name that you'd like (ie: Once generated, it is already loaded into the system. 

The next step is to tell your computer to trust this certificate. To do that, run mmc.exe and add the Certificates snap-in using the Computer Account (Local Computer). You'll find your certificate in the Personal > Certificates node (pro tip: if you right click on your cert and choose Properties, you can give it a Friendly Name). Once you locate your cert, right click on it and choose Copy. Then, navigate to the Trusted Root Certification Authorities > Certificates node and Paste your cert in there. 

That's it! Now, if you configure IIS to use this cert with a website serving the same URL that was specified when you created the cert (ie: localhost), you'll get a nice proper pad lock when you visit your website.

You can also issue a wildcard certificate for use with IIS or ADFS by using:

New-SelfSignedCertificate -DnsName "","*" -CertStoreLocation "cert:\LocalMachine\My"

Replace with the domain you'd like to use.

Happy developing!

My name is Rick Towns and I am an amateur astronomer and computer programmer from Canada. This is a collection of interesting posts I've gathered over the years.