Adding SSL Certificate via “netsh.exe” does not last after a machine restart

iis-express, netsh, ssl-certificate

I am currently building an ASP.NET MVC 3 e-commerce app that uses IIS Express for my development server.

As we are accepting payments via the app we need to enforce SSL connections for the checkout process.

After following Scott Hanselman's well-written article on how to set up self-signed SSL certificates for use with IIS Express, I can access my site via both:

This is all gravy, until I restart.
It seems that each time I restart (for whatever reason) I need to run the following commands again:

netsh http delete sslcert ipport=0.0.0.0:443
netsh http add sslcert ipport=0.0.0.0:443 appid={214124cd-d05b-4309-9af9-9caa44b2b74a} certhash=<thumbprint from Certificate Manager>

I have tried exporting and importing the generated certificate, as well as dragging the certificate from the Personal Store to the Trusted Root Certification Authorities.
Both to no avail.

Does anyone have any ideas?

Best Answer

This problem is mentioned by a few people in the comments on http://www.hanselman.com/blog/WorkingWithSSLAtDevelopmentTimeIsEasierWithIISExpress.aspx

The final comment is:

I think moving the self-signed cert from Personal to the Trusted Root CA directory causes a problem where SSL stops working after developers reboot their machines. (Don't know how it happens, but it does happen consistently.) I finally got around this issue by exporting and re-importing the self-signed cert into the trusted root directory (instead of simply dragging it over). Now my self-signed cert is considered and I don't need to REINSTALL/REPAIR IIS Express every time I reboot the machine.
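
A diagnostic for the situation described above, as an added example that is not part of the original question or answer: it reports whether the certificate is still in the Personal store with its private key (the `MY` store is where `netsh http add sslcert` looks by default), whether it is also in Trusted Root, and whether the HTTP.sys binding still references it, and re-adds the binding only when it is missing. It assumes the certificate lives in the Local Computer stores and that the script runs from an elevated PowerShell prompt; `$Thumbprint` is a placeholder to fill in.

```powershell
# Added example, not code from the question or the linked article.
$Thumbprint = '<thumbprint from Certificate Manager>'      # placeholder, fill in
$IpPort     = '0.0.0.0:443'
$AppId      = '{214124cd-d05b-4309-9af9-9caa44b2b74a}'     # appid used in the question

# Certificate Manager shows the thumbprint with spaces (and sometimes an
# invisible leading character); keep only the hex digits.
$thumb = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($thumb.Length -ne 40) { throw "Expected a 40-hex-digit SHA-1 thumbprint, got '$thumb'." }

# 1. Which Local Computer stores currently hold the certificate?
$inPersonal = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumb } | Select-Object -First 1
$inRoot = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $thumb } | Select-Object -First 1

if (-not $inPersonal) {
    Write-Warning 'Certificate is not in LocalMachine\My (Personal); the binding cannot use it.'
} elseif (-not $inPersonal.HasPrivateKey) {
    Write-Warning 'Certificate in LocalMachine\My has no private key; it cannot serve TLS.'
}
if (-not $inRoot) {
    Write-Warning 'Certificate is not in LocalMachine\Root; browsers will report it as untrusted.'
}

# 2. Does the HTTP.sys binding for this ip:port still reference this certificate?
#    Matching on the thumbprint itself avoids depending on netsh's localized labels.
$bindingText = (netsh http show sslcert "ipport=$IpPort") -join "`n"
$bound = $bindingText -match $thumb

if ($bound) {
    "Binding for $IpPort references $thumb; nothing to repair."
} elseif ($inPersonal -and $inPersonal.HasPrivateKey) {
    # Same two commands as in the question, run only when the binding is gone.
    netsh http delete sslcert "ipport=$IpPort" | Out-Null
    netsh http add sslcert "ipport=$IpPort" "appid=$AppId" "certhash=$thumb"
} else {
    Write-Warning 'Binding missing and no usable certificate in Personal; re-import it first.'
}
```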
