I have successfully created and used a self-signed certificate on my development machine (IIS 7.5 – Windows 7).
To do this I generated a self signed cert with a common name (CN) = app.localhost
and imported it into the Trusted Root Certification Authorities store. I then imported the same cert into IIS and bound it to my site with a Host Name = app.localhost
.
This worked fine.
Now I am developing an api that runs under api.localhost
. This too needs SSL. So I created a new self-signed cert as before except I specifed a CN = *.localhost
. The new cert was added to the Trusted Root Certification Authorities store and imported into IIS as before. Both sites (app.localhost
& api.localhost
) were successfully bound to the wildcard cert.
This did not work.
Chrome complains with:
You attempted to reach api.localhost, but instead you actually reached
a server identifying itself as *.localhost.
IE makes a similar complaint.
How do I make a self-signed wildcard certificate that works?
Best Answer
As mentioned by David Schwartz this doesn't work for Top Level domains. However it works for any domain below that.
To my c:\windows\system32\drivers\etc\hosts file I added
Here .dev is the top level, so I can issue a wildcard to *.localhost.dev
I haven't done this with IIS but this works fine using apache and specifying
Unfortunately you'll have to setup a new entry in
hosts
and in the apache config for each site but it's a lot easier than signing a new certificate.