Self-Signed SSL Certificate

Create self-signed certificates for development purposes online. Enter optional certificate properties or leave the default values and click the Generate button. A self-signed SSL\TLS certificate will be generated for you.

Only for test and development

Self-signed certificates cannot be validated by any root authority (i.e. there is no "chain of trust") and therfore are considered insecure. Browsers will warn users that your website is not trustworthy. Therefore, you shouldn't use Self-signed certificates in production.

 
 
 
 
 

How to install HTTPS certificates

The following sections will describe how to install HTTPS certificates on various servers.

IIS

  1. Download the self signed certificate in the PFX format.

    Download the self signed certificate in the PFX format

  2. Double-click the PFX file to import it. The "Certificate Import Wizard" appears. Select local machine as the store location.

    Select 'local machine' in the Certificate Import Wizard

  3. Open the "IIS Management Console" and select the web site you want to add the certificate to. Click Bindings on the right pane.

    Click Bindings on the right pane

  4. In the "Site Bindings" dialog, click the "Add..." button. The "Add Site Binding" dialog appears. In the "type" dropdown, select HTTPS and optionally change the IP address, port or host name. Open the "SSL certificate" dropdown and select the certificate you just installed. The dropdown will display the certificate's friendly name.

    Select the SSL certificate

See the Microsoft docs for details.

Apache

  1. Download the certificate and the key as separate files.

    Download the certificate and the key as separate files

    Both files will be packed in a ZIP file. The two files are named as your DNS host name. For example

    • localhost.cer
    • localhost.key
  2. Open the zip file and copy the certificate and the key file onto your web server. The folders to copy those files to could be

    • /etc/ssl/certs/ for the certificate
    • /etc/ssl/private/ for the key file
  3. Open the Apache configuration in your favorite editor. Which file to open depends on your system. For example, the configuration might be found in /etc/apache2/apache2.conf.

  4. Find or add the configuration block with the SSL settings. For example, such a block might look as following

     <VirtualHost 192.168.0.1:443>
     	DocumentRoot /var/www/html
     	SSLEngine on
     	SSLCertificateFile /etc/ssl/crt/localhost.cer
     	SSLCertificateKeyFile /etc/ssl/private/localhost.key
     </VirtualHost> 
    

    Adjust the file locations to match the location where you have copied the downloaded files to.

  5. Restart Apache: apachectl restart

See the Apache docs for details.

NGINX

  1. Download the certificate and the key as separate files.

    Download the certificate and the key as separate files

    Both files will be packed in a ZIP file. The two files are named as your DNS host name. For example

    • localhost.cer
    • localhost.key
  2. Open the zip file and copy the certificate and the key file onto your web server. The folders to copy those files to could be

    • /etc/ssl/certs/ for the certificate
    • /etc/ssl/private/ for the key file
  3. Open the NGINX configuration in your favorite editor. Which file to open depends on your system. For example, the configuration might be found in /etc/nginx/sites-enabled/default.

  4. Find or add the configuration block for your web server. For example, such a block might look as following

     server {
        listen 80 default_server;
        listen [::]:80 default_server;
        listen 443 ssl;
    
        ssl_certificate     /etc/ssl/certs/localhost.cer;
        ssl_certificate_key /etc/ssl/private/localhost.key;
    

    Adjust the file locations to match the location where you have copied the downloaded files to.

  5. Reload the configuration: sudo nginx -s reload

See the NGINX docs for details.

ASP.NET Core\Kestrel

  1. Download the self signed certificate in the PFX format.

    Download the self signed certificate in the PFX format

  2. Extend the web host to use HTTPS:

    public class Program
    {
        public static IWebHost BuildWebHost(string[] args) =>
            WebHost.CreateDefaultBuilder(args)
                .UseKestrel(options =>
                {
                    // This will only listen on 127.0.0.1. To add other IP addresses,
                    // repeat this code block using the respective IP addresses.
    
                    options.Listen(IPAddress.Loopback, ApplicationInfo.HttpPort);
                    options.Listen(IPAddress.Loopback, ApplicationInfo.HttpsPort, listenOptions =>
                        listenOptions.UseHttps(new X509Certificate2("localhost.pfx", "<password>"))
                    );
                })
                .UseContentRoot(Directory.GetCurrentDirectory())
                .UseStartup<Startup>()
                .Build();
    
        public static void Main(string[] args) => 
        {
            BuildWebHost(args).Run();
        }
    }
    

For a more elaborate sample see this blog post by Daniel Roth.

IIS Express

Please refer to Scott Hanselmann's blog post on how to do this.