How to Create a Local SSL Certificate on Windows

A secure way to develop HTTPS-ready websites without spending a cent

Posted by Hüseyin Sekmenoğlu on September 12, 2022 DevOps & Deployment

Online security is no longer optional. With cyberattacks and data breaches on the rise, even local development environments now demand encrypted connections. Content management systems and platforms increasingly require HTTPS to function properly.

Buying official SSL certificates for local use is overkill and often expensive. Fortunately, there is a simple alternative: self-signed certificates. These are ideal for development, meet basic security needs, and can be generated for free. Just remember never to use them for production or publicly accessible websites.

⚙️ Generate a Self-Signed Certificate with PowerShell

Windows 10 includes a PowerShell command called New-SelfSignedCertificate. It is more flexible than the basic IIS option and much simpler than using tools like MakeCert.

To get started, decide on a local domain name for your site. Add it to your hosts file (for example, 127.0.0.1 mysite.local). Then open PowerShell as administrator and run this command:

New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "mysite.local" -FriendlyName "MySiteCert" -NotAfter (Get-Date).AddYears(10)

This creates a self-signed certificate for mysite.local that remains valid for 10 years. You can change the number of years if needed.

🧰 Move the Certificate to Trusted Root

To avoid browser warnings, you must trust the certificate on your local machine. Follow these steps:

  1. Open the Manage Computer Certificates app (search for "certificate" in the Start menu).

  2. Go to Certificates – Local Computer → Personal → Certificates.

  3. Find your newly created certificate (look under the Issued To or Friendly Name column).

  4. In the left panel, open Trusted Root Certification Authorities → Certificates.

  5. Drag your certificate from the Personal section into the Trusted Root section.

  6. When prompted, choose Copy Here.

🌐 Configure HTTPS in IIS

  1. Open IIS Manager.

  2. Go to your site and add a new HTTPS binding.

  3. Enter the hostname (such as mysite.local).

  4. Check Require Server Name Indication (SNI).

  5. Select your certificate from the dropdown (e.g. MySiteCert).

Visit https://mysite.local/ in your browser. You should no longer see security warnings.

🌟 Wildcard Certificates for Multiple Local Sites

If you are working on multiple local apps like app1.example.local, app2.example.local, and so on, creating a wildcard certificate is a better solution.

Use this command to generate one certificate for all subdomains:

New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -Subject "*.example.local" -DnsName "example.local", "*.example.local" -FriendlyName "LocalStarCert" -NotAfter (Get-Date).AddYears(10)

Then follow the same certificate trust and IIS binding steps. You can reuse this certificate for each site under example.local.

Final Thought:
Using HTTPS in development is no longer just a best practice. It is becoming a requirement. With PowerShell and a few manual steps, you can set up a fully secure local environment without extra cost or complexity.