How to stop HTTPS errors on localhost IIS

Question

I'm running a domain on my local machine using IIS 10 in Windows 10.

I've created a HTTPS site and I'm trying to get rip of the HTTPS errors.

I've created a self-signed certificate, bound the cert to my https site in IIS, ran the SelfSSL command, copied the certificate into "Trusted Root Certification Authorities" (from an IIS 7 tutorial).

I've followed this tutorial: How to Create a Self Signed Certificate in IIS 7

Is this not working because IIS 10 is working differently to IIS 7. I'm still getting HTTPS errors despite following the tutorial.

Any advice will be much appreciated.

Thanks

John

Answer 1

This is not an "error", per se. The browser is just showing that you are using an invalid cert. You're free to continue using the site and doing anything you normally would.

The browser shows it as an invalid cert, even or perhaps especially if it's self-signed, because by default the browser only trusts a handful of certificate authorities. If you want your self-signed cert to be valid, then you have to install your own trusted root certificate authority (CA) on the system that will treat it as valid. The methodology for how to do that varies by OS and version, but Google should be able to help you find your way.

However, doing this creates a huge security hole on the system. You are now 100% responsible for the key for this authority. If that key ever leaks, then anyone could sign certificates for any website (Google, your bank, etc.) and give the appearance that their fake site is the real deal. If you do install your own CA, it's recommended that you actually remove it as soon as possible. For development purposes, I would say just live with the SSL warning and don't worry about it.