Self-signed certificates for local development

HTTPS is becoming more and more common, even for local development environments.

I have 4 Sitecore instances installed locally: Sitecore 6, Sitecore 8.2, Sitecore 9.0.2 and Sitecore 9.1.1. They all have different domains. I also have some other websites. It turns out I have more than 10 IIS sites.

So I'm looking for a way to easily generate a wildcard SSL certificate for all of them. It is actually pretty easy to do with a PowerShell script.

First of all, you need a Root CA certificate. I found the following script here:

function GenerateRootCA([string] $RootCaName = "Dev Root Authority", [SecureString] $Password, [string] $PfxPath = "rootca.pfx", [string] $CrtPath = "rootca.crt", [bool] $import=$false) {

    # Self-signed root: KeyUsage CertSign/CRLSign and a critical Basic Constraints extension with CA=TRUE.
    # pathlength=0 means this root may only issue end-entity (leaf) certificates, never sub-CAs.
    # The EKU list limits what certificates issued by this root may be used for
    # (client auth, server auth, email protection, code signing, timestamping).
    $rootCA = New-SelfSignedCertificate `
        -CertStoreLocation cert:\currentuser\my `
        -DnsName $RootCaName `
        -NotAfter "2050-01-01" `
        -KeyUsage CertSign,CRLSign `
        -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.4,1.3.6.1.5.5.7.3.3,1.3.6.1.5.5.7.3.8","2.5.29.19={critical}{text}ca=TRUE&pathlength=0")

    $certPath = "cert:\currentuser\my\" + $rootCA.Thumbprint
    # The PFX contains the private key (password protected); the .crt is the public certificate only
    $null = Export-PfxCertificate -Cert $certPath -FilePath $PfxPath -Password $Password
    $null = Export-Certificate -Cert $certPath -FilePath $CrtPath
    if ($import -eq $true) {
        # Trusts the root machine-wide. This imports the PFX, i.e. the private key as well, into
        # LocalMachine\Root so the root can later be read from that store and used as a -Signer.
        # Anyone who can read that key can mint certificates every browser on this machine trusts,
        # so keep this root on development machines only and remove it when it is no longer needed.
        $null = Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation Cert:\LocalMachine\Root -Confirm:$false -Password $Password
    }

    $certPath
}

function GenerateCASignedCert([string] $RootCAPath, [string[]] $DomainDns, [SecureString] $Password, [string] $PfxPath = "", [string] $CrtPath = "", [bool] $import=$false, [string] $friendlyName="") {

    # Derive the file names from the first DNS name. "$DomainDns.pfx" would join the whole array
    # with spaces, and '*' is not valid in a file name, so *.dev.local becomes wildcard.dev.local.pfx
    $baseName = $DomainDns[0] -replace '\*', 'wildcard'
    if ($PfxPath -eq "") { $PfxPath = "$baseName.pfx" }
    if ($CrtPath -eq "") { $CrtPath = "$baseName.cer" }
    if ($friendlyName -eq "") { $friendlyName = $DomainDns[0] }

    # The signer must be readable together with its private key, e.g. the path returned by GenerateRootCA
    $rootcert = Get-ChildItem -Path $RootCAPath
    if (-not $rootcert.HasPrivateKey) { throw "Root CA at $RootCAPath has no private key; cannot sign" }

    # Leaf (end-entity) certificate: every name goes into the SAN extension, EKU = server authentication.
    # DigitalSignature is required for TLS 1.3 and ECDHE suites (the key signs the handshake),
    # KeyEncipherment for legacy RSA key exchange.
    $cert = New-SelfSignedCertificate `
        -CertStoreLocation cert:\currentuser\my `
        -DnsName $DomainDns `
        -Signer $rootcert `
        -NotAfter "2050-01-01" `
        -KeyUsage DigitalSignature,KeyEncipherment `
        -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1") `
        -FriendlyName $friendlyName

    $certPath = "cert:\currentuser\my\" + $cert.Thumbprint
    $null = Export-PfxCertificate -Cert $certPath -FilePath $PfxPath -Password $Password -InformationAction SilentlyContinue
    $null = Export-Certificate -Cert $certPath -FilePath $CrtPath -InformationAction SilentlyContinue

    if ($import -eq $true) {
        # IIS can only bind certificates from a machine store; Web Hosting is the store intended for many SNI sites
        $null = Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation Cert:\LocalMachine\WebHosting -Confirm:$false -Password $Password
    }
    $certPath
}

Save the above script as GenerateRootCA.ps1.

Use the following script to generate a new Root CA certificate. The certificate name is DO_NOT_TRUST_LOCALDEVELOPMENT, and after the import you can find it under Cert:\LocalMachine\Root\. Run it from an elevated PowerShell session, since writing to the machine Root store requires administrator rights.

. '.\GenerateRootCA.ps1'

# Secure string password for the exported PFX files
# (outside a throwaway dev box, prompt instead: $pfxPassword = Read-Host "PFX password" -AsSecureString)
$pfxPassword = ConvertTo-SecureString "tellno1" -AsPlainText -Force

# Generate the Root CA and import it into the machine Root store (-Import $true)
$rootCa = GenerateRootCA -Password $pfxPassword -RootCaName "DO_NOT_TRUST_LOCALDEVELOPMENT" -PfxPath "DO_NOT_TRUST_LOCALDEVELOPMENT.pfx" -CrtPath "DO_NOT_TRUST_LOCALDEVELOPMENT.cer" -Import $true
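Before signing anything with the new root it is worth confirming what actually landed in the machine Root store, and knowing how to get rid of it again, because a trusted root whose private key sits on the box lets anyone with that key issue certificates every browser on the machine accepts. The check below is an added example, not part of the original script; it assumes the DO_NOT_TRUST_LOCALDEVELOPMENT name used above.

```powershell
# Added example: inspect the dev root CA that was just imported, list what it has issued, and show how to remove it.
# Assumes the subject name "DO_NOT_TRUST_LOCALDEVELOPMENT" from the script above.
$rootName = "DO_NOT_TRUST_LOCALDEVELOPMENT"

$root = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object Subject -EQ "CN=$rootName" |
    Select-Object -First 1
if (-not $root) { throw "Root CA '$rootName' not found in Cert:\LocalMachine\Root" }

# Basic Constraints must say CA=TRUE and KeyUsage must allow CertSign, or Windows will not chain through it
$bc = $root.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
$ku = $root.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }

[PSCustomObject]@{
    Subject       = $root.Subject
    Thumbprint    = $root.Thumbprint
    NotAfter      = $root.NotAfter
    IsCA          = $bc.CertificateAuthority
    KeyUsage      = $ku.KeyUsages
    HasPrivateKey = $root.HasPrivateKey   # true here, because the PFX (with key) was imported into Root
}

# Everything this root has issued that is currently installed in the machine stores IIS reads from
Get-ChildItem Cert:\LocalMachine\My, Cert:\LocalMachine\WebHosting |
    Where-Object Issuer -EQ "CN=$rootName" |
    Select-Object Subject, Thumbprint, NotAfter, @{ n = 'DnsNames'; e = { $_.DnsNameList.Unicode -join ', ' } }

# Cleanup when the machine is no longer used for development. Removing the root (and its key)
# is enough to untrust every leaf it ever issued. Left commented out until you mean it.
# Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\My |
#     Where-Object Subject -EQ "CN=$rootName" |
#     Remove-Item -DeleteKey
```

Run it in the same elevated session as the generation script. If IsCA is not True or KeyUsage lacks CertSign, the Basic Constraints or KeyUsage text extensions were not applied and no leaf signed by this root will validate.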


Now I can use the following script to generate the SSL certificate I need. When I have a new domain, I just need to add it to $dnsName and run the script again.

# Find the trusted dev root; it must still carry its private key, otherwise it cannot sign anything
$cert = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object Subject -EQ "CN=DO_NOT_TRUST_LOCALDEVELOPMENT" |
    Select-Object -First 1
if (-not $cert -or -not $cert.HasPrivateKey) {
    throw "DO_NOT_TRUST_LOCALDEVELOPMENT root with private key not found in Cert:\LocalMachine\Root"
}

# Every host name (wildcards included) goes into the Subject Alternative Name extension
$dnsName = 'localhost', '*.localhost.au', '*.sc902.local', 'sc902.local', 'sc911.sc', '*.sc911.sc', 'sc911.xconnect', 'sc911.identityserver', '*.dev.local'

# Issue the leaf straight into the machine store so IIS can bind it.
# DigitalSignature is needed for TLS 1.3 and ECDHE suites, KeyEncipherment for RSA key exchange.
New-SelfSignedCertificate -DnsName $dnsName -Signer $cert `
    -CertStoreLocation Cert:\LocalMachine\My `
    -KeyUsage DigitalSignature,KeyEncipherment `
    -Subject "CN=LocalDevelopment-$((Get-Date).ToString("yyyyMMdd"))" `
    -FriendlyName "Local Development $((Get-Date).ToString("yyyyMMdd"))" `
    -NotAfter ((Get-Date).AddYears(10))
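A certificate that was issued without errors can still be unusable: the chain may not reach the dev root, a name may be missing from the SAN (browsers no longer look at the CN), or the key usage may not allow the signatures TLS 1.3 needs. The script below is an added example, not part of the original post. It validates the leaf with the same chain engine Windows uses and then binds it to an IIS site by SNI host name; it assumes the $cert (dev root) and $dnsName variables from the script above, and the IIS site and host names in it are assumptions to replace with your own.

```powershell
# Added example (not part of the original post): validate the leaf just issued and bind it to an IIS site.
# Assumes $cert (dev root) and $dnsName from the script above; the IIS site and host names are assumptions.
$leaf = Get-ChildItem Cert:\LocalMachine\My, Cert:\CurrentUser\My |
    Where-Object Issuer -EQ $cert.Subject |
    Sort-Object NotBefore -Descending |
    Select-Object -First 1
if (-not $leaf) { throw "No certificate issued by '$($cert.Subject)' found" }

# 1. Does Windows build a valid chain from the leaf to our dev root for server authentication?
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck   # the dev root publishes no CRL
$chain.ChainPolicy.ApplicationPolicy.Add((New-Object System.Security.Cryptography.Oid "1.3.6.1.5.5.7.3.1")) | Out-Null   # serverAuth EKU
if (-not $chain.Build($leaf)) {
    $chain.ChainStatus | ForEach-Object { Write-Warning "$($_.Status): $($_.StatusInformation)" }
    throw "Chain for $($leaf.Thumbprint) does not validate"
}
$chainRoot = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
if ($chainRoot.Thumbprint -ne $cert.Thumbprint) {
    throw "Chain ends at '$($chainRoot.Subject)', not at the dev root"
}

# 2. Browsers ignore the CN: every requested name must appear in the Subject Alternative Name extension
$san = @($leaf.DnsNameList.Unicode)
$missing = @($dnsName | Where-Object { $_ -notin $san })
if ($missing.Count -gt 0) { throw "SAN is missing: $($missing -join ', ')" }

# 3. TLS 1.3 and ECDHE suites sign with the certificate key, so KeyUsage must include DigitalSignature
$kuExt = $leaf.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
if ($kuExt -and -not $kuExt.KeyUsages.HasFlag([System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DigitalSignature)) {
    Write-Warning "KeyUsage '$($kuExt.KeyUsages)' lacks DigitalSignature; Firefox and TLS 1.3 clients may reject this certificate"
}

"OK: $($leaf.Subject) [$($leaf.Thumbprint)] chains to $($cert.Subject)"

# 4. Bind it by SNI host name. IIS can only use certificates that live in a machine store.
if ($leaf.PSPath -notlike '*LocalMachine*') {
    throw "Certificate is in a user store; issue it with -CertStoreLocation Cert:\LocalMachine\My (or import it) before binding"
}
Import-Module WebAdministration
$siteName = 'sc911.sc'   # assumption: name of an existing IIS site
$hostName = 'sc911.sc'   # assumption: one of the names in $dnsName
if (-not (Get-WebBinding -Name $siteName -Protocol https -HostHeader $hostName)) {
    New-WebBinding -Name $siteName -Protocol https -Port 443 -HostHeader $hostName -SslFlags 1   # SslFlags 1 = SNI
}
# The SslBindings key for an SNI binding is "!<port>!<hostname>"
New-Item -Path "IIS:\SslBindings\!443!$hostName" -Value $leaf -SSLFlags 1
```

Running the chain check with the serverAuth application policy is deliberate: a root whose EKU list omits 1.3.6.1.5.5.7.3.1 will pass a plain Build() but fail here, which is exactly the failure you would otherwise only see as a browser warning. With SNI bindings every site on port 443 can use the same wildcard certificate, which is what makes one certificate for ten or more IIS sites practical.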