Recipe: Create development HTTPS certificates for IIS #ssl #https #windows

Oscar Brito



To create a PFX file for HTTPS in IIS follow the following steps. This will create a Trusted Root CA and a certificate for the domain, in this case is 10.1.1.100.

I'm using for all passwords the value: password

Add to your PATH the Microsof SDK tools. On my machine these are on:


cProgram FilesMicrosoft SDKsWindowsv7.1Bin


  • create CA certificate for 10.1.1.100


makecert -n "CN=DEVCA" -r -sv DEVCA.pvk DEV_CA.cer


  • create certificate signed by CA Authority and install it


makecert -n "CN=10.1.1.100" -iv DEVCA.pvk -ic DEVCA.cer -a sha1 -sky exchange -pe -sv 10.1.1.100.pvk 10.1.1.100.cer


  • convert the certificate to PFX format


pvk2pfx.exe /pvk 10.1.1.100.pvk /spc 10.1.1.100.cer /pfx 10.1.1.100.pfx /pi password -f


  • configure IIS

On IIS Host level, go to Server Certificates and import the generated PFX file

On your website, edit bindings and associate the generated file.


  • [optional] configure Machine / Permissions 


Open mmc.exe / add Certificates Snap-in (Local Machine)

    Import the CA certificate to Trusted Authorities
    Import the certificate to Personal

On the Personal Certs select the certificate, go to Manage Keys and give permissions to IIS_USR.


That's it folks!




Visit www.divhide.com for more informations, contacts and news about Web Development.
See other blog posts at blog.divhide.com.



Divhide purpose is to follow the HTML5 movement and contribute with applications which prove the quality of technology.


Feel free to contact divhide.