Recipe: Create development HTTPS certificates for IIS #ssl #https #windows

Oscar Brito

To create a PFX file for HTTPS in IIS follow the following steps. This will create a Trusted Root CA and a certificate for the domain, in this case is

I'm using for all passwords the value: password

Add to your PATH the Microsof SDK tools. On my machine these are on:

cProgram FilesMicrosoft SDKsWindowsv7.1Bin

  • create CA certificate for

makecert -n "CN=DEVCA" -r -sv DEVCA.pvk DEV_CA.cer

  • create certificate signed by CA Authority and install it

makecert -n "CN=" -iv DEVCA.pvk -ic DEVCA.cer -a sha1 -sky exchange -pe -sv

  • convert the certificate to PFX format

pvk2pfx.exe /pvk /spc /pfx /pi password -f

  • configure IIS

On IIS Host level, go to Server Certificates and import the generated PFX file

On your website, edit bindings and associate the generated file.

  • [optional] configure Machine / Permissions 

Open mmc.exe / add Certificates Snap-in (Local Machine)

    Import the CA certificate to Trusted Authorities
    Import the certificate to Personal

On the Personal Certs select the certificate, go to Manage Keys and give permissions to IIS_USR.

That's it folks!

Visit for more informations, contacts and news about Web Development.
See other blog posts at

Divhide purpose is to follow the HTML5 movement and contribute with applications which prove the quality of technology.

Feel free to contact divhide.