Iis – Why is the self-signed wildcard certificate not working

I have successfully created and used a self-signed certificate on my development machine (IIS 7.5 – Windows 7).

To do this I generated a self signed cert with a common name (CN) = app.localhost and imported it into the Trusted Root Certification Authorities store. I then imported the same cert into IIS and bound it to my site with a Host Name = app.localhost.

This worked fine.

Now I am developing an api that runs under api.localhost. This too needs SSL. So I created a new self-signed cert as before except I specifed a CN = *.localhost. The new cert was added to the Trusted Root Certification Authorities store and imported into IIS as before. Both sites (app.localhost & api.localhost) were successfully bound to the wildcard cert.

This did not work.

Chrome complains with:

You attempted to reach api.localhost, but instead you actually reached
a server identifying itself as *.localhost.

IE makes a similar complaint.

How do I make a self-signed wildcard certificate that works?

Best Answer

As mentioned by David Schwartz this doesn't work for Top Level domains. However it works for any domain below that.

To my c:\windows\system32\drivers\etc\hosts file I added

127.0.0.1 mysitename.localhost.dev

Here .dev is the top level, so I can issue a wildcard to *.localhost.dev

I haven't done this with IIS but this works fine using apache and specifying

<VirtualHost *:80>
    DocumentRoot C:/xampp/htdocs/hookd/mysite/public
    ServerName mysitename.localhost.dev
</VirtualHost>

Unfortunately you'll have to setup a new entry in hosts and in the apache config for each site but it's a lot easier than signing a new certificate.

Best Answer

Related Solutions

Why might Windows falsely claim a self-signed root CA certificate is revoked

Windows – IIS no longer trusts any CAs for client authentication

Related Topic