Self-Signed SSL certificates and IIS development site configuration using host header configurations for IIS7/7.5

One of our clients recently requested the ability to configure SSL for multiple development sites on a server with a single IP address. They had one certificate that was issued by an online CA for their production site and wanted self-signed certificates assigned to multiple development sites for testing purposes. In this walkthrough, I will provide information for creating a wildcard certificate that can be used for testing with any site in the same domain. Here is a blog, written by Scott Forsyth, which provides details about the domain which I will use in this walkthrough. For the certificate creation, PowerShell 3.0 is required. PowerShell 3.0 is part of the Windows Management Framework 3.0 package which can be downloaded here. If you are not able to install this on your server, you can create the certificate on a different machine and export it to a pfx file for importing onto your server.

Here is a blog post that I wrote previously that can be used to create multiple websites using PowerShell if you would like to experiment with this configuration. Once you have created your websites, you are ready to proceed through this post.

The cmdlet that we will use to create the self-signed wildcard is New-SelfSignedCertificate.

New-SelfSignedCertificate -DnsName, -CertStoreLocation cert:LocalMachineMy

.csharpcode, .csharpcode pre
font-size: small;
color: black;
font-family: consolas, “Courier New”, courier, monospace;
background-color: #ffffff;
/*white-space: pre;*/
.csharpcode pre { margin: 0em; }
.csharpcode .rem { color: #008000; }
.csharpcode .kwrd { color: #0000ff; }
.csharpcode .str { color: #006080; }
.csharpcode .op { color: #0000c0; }
.csharpcode .preproc { color: #cc6633; }
.csharpcode .asp { background-color: #ffff00; }
.csharpcode .html { color: #800000; }
.csharpcode .attr { color: #ff0000; }
.csharpcode .alt
background-color: #f4f4f4;
width: 100%;
margin: 0em;
.csharpcode .lnum { color: #606060; }

The exact command that I ran for this walkthrough is ‘New-SelfSignedCertificate -DnsName * -CertStoreLocation cert:LocalMachineMy’. This created a self-signed certificate in my local machine store.


Since this certificate is created in the Personal store of the Local Machine, you can export and import it into the Trusted Root Certificate store so that it will be trusted by IIS. If you are planning to test these sites from a different machine than hosts the website, you can also import the certificate into the Trusted Root Certificate store on your workstation and you will not receive any certificate warning errors when testing.

You are now ready to open IIS Manager and assign your newly created certificate to your websites. In order to enable the GUI host header field within the https bindings, the friendly name of your certificate has to be * Since we created the certificate as a wildcard certificate, we do not have to make any modifications to the friendly name.

Open IIS Manager, select the website that you want to add the SSL certificate to, and open Bindings from the Action pane.


Click Add and change the Type to https. You will notice that the Host name: field is greyed out and cannot be edited.


Once you select your certificate (*, this field will be editable, as seen below.


Enter your host header name in the Host name: box and click OK. You can also add this information using appcmd with the following syntax (replace name with your website name):

appcmd set site /”name” /+bindings.[protocol=’https’,bindinginformation=’*.443:name]

If you used the domain for this walkthrough, you are now ready to test your site without having to create DNS or local host file entries.

You are now on your way to happy development testing without pesky SSL warnings interrupting the flow.

Terri is a Support Specialist at OrcsWeb, a hosted server company providing managed hosting solutions.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: