Wildcard self-signed certificates in IIS

Posted by Jason Howard on 16 March 2016

Working with multiple customers does make for a varied and enjoyable work day. Occasionally, though, some things do cause issues. One such problem we have experienced is testing HTTPS in our development environment.

Using HTTPS is quite straightforward to achieve by installing a self-signed certificate on our development machines. Yes, browsers will throw security exceptions, but we installed the certificate ourselves, so we can trust ourselves that the site will not be accessed publicly. The self-signed certificate would be given any old name, such as ‘dev-certificate’, but it could only be associated with one website at a time in IIS (Internet Information Services). That causes no end of misery when dealing with multiple local websites, as you have to remove the old HTTPS binding from the site currently using it and then add it to the site you are now working with.

Wildcard self-signed certificates to the rescue.

If you already have a self-signed certificate installed, remove it from the HTTPS binding of the site currently assigned to it. Then, in IIS, select the local server and open Server Certificates. It may work with multiple certificates, but I removed all my previous self-signed certificates and created a new one that has a friendly name starting with an asterisk:

 

Then, in each site you want to support HTTPS, add a new HTTPS binding and select the wildcard certificate created earlier, giving it the same host name used for HTTP:

 

I’ve tried this on a few sites now and, due to the new certificate, you will get prompted to add a security exception, but apart from that it appears to be working fine, and for development purposes this makes working with HTTPS on multiple sites much easier.
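The same setup can be scripted so that it is repeatable across development machines. The following PowerShell is an added example, not part of the original post: the site names and host names are hypothetical, it assumes an elevated session with the WebAdministration module available, and it lists the host names in the certificate rather than using the certificate IIS Manager generates. It relies on the fact that, without SNI, the certificate is attached to the IP:port pair, so every host-header HTTPS binding on port 443 is served with the same certificate.

```powershell
# Added example: run in an elevated PowerShell session on the development machine.
Import-Module WebAdministration

# Hypothetical local sites: IIS site name -> host name already used for HTTP.
$sites = @{
    'CustomerA' = 'customer-a.local'
    'CustomerB' = 'customer-b.local'
}
$friendlyName = '*dev-certificate'   # leading asterisk, as described in the post

# Reuse the certificate if it already exists, otherwise create it.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -eq $friendlyName } |
    Select-Object -First 1
if (-not $cert) {
    $new = New-SelfSignedCertificate -DnsName @($sites.Values) `
        -CertStoreLocation Cert:\LocalMachine\My
    # Re-read from the store so the friendly name change is persisted.
    $cert = Get-Item "Cert:\LocalMachine\My\$($new.Thumbprint)"
    $cert.FriendlyName = $friendlyName
}

# Attach the certificate to all-unassigned:443 once. An existing binding is
# left untouched so a certificate already in use is not silently replaced.
$sslPath = 'IIS:\SslBindings\0.0.0.0!443'
if (-not (Test-Path $sslPath)) {
    $cert | New-Item $sslPath | Out-Null
}

# Add one HTTPS binding per site, using the same host name as its HTTP binding.
foreach ($name in $sites.Keys) {
    $hostName = $sites[$name]
    if (-not (Get-WebBinding -Name $name -Protocol https -HostHeader $hostName)) {
        New-WebBinding -Name $name -Protocol https -Port 443 `
            -IPAddress '*' -HostHeader $hostName
    }
}

# Review the result: HTTPS bindings per site and the certificate on port 443.
Get-WebBinding -Protocol https | Select-Object protocol, bindingInformation
Get-ChildItem IIS:\SslBindings
```

Keep the certificate and its private key on the development machine only; because it is self-signed, browsers will still ask for a security exception, as noted above.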
