Back to: ASP.NET Core Tutorials For Beginners and Professionals
How to Use SSL in Local IIS Server While Hosting ASP.NET Core Application
In this article, I will discuss How to Use SSL in a Local IIS Server While Hosting an ASP.NET Core Application. Please read our previous article discussing How to Host ASP.NET Core Web Application In a Local IIS Server, and we are also going to work with the same application that we created and hosted into IIS in our previous article.
How to Use SSL in Local IIS Server while hosting ASP.NET Core Application
To use SSL (Secure Sockets Layer) with your local IIS (Internet Information Services) server while hosting an ASP.NET Core application, you can follow these steps:
Install SSL Certificate:
Before you can enable SSL on your local IIS server, you need an SSL certificate. You can obtain a trusted certificate from a Certificate Authority (CA) or create a self-signed certificate for testing. To create a self-signed certificate using PowerShell, open PowerShell as an administrator and run the following command:
New-SelfSignedCertificate -DnsName localhost -CertStoreLocation “cert:\LocalMachine\My”
This command creates a self-signed certificate for the “localhost” domain and stores it in the local machine’s certificate store. To view the self-signed certificate, open the run window, type the command certlm.msc, and click on the OK button as shown in the image below:
This will open the following window. Here, you need to select the Personal and Certificates option, as shown in the image below, which will show the self-signed certificate that you can use in your local host. This is not for production.
Open IIS Manager and Select Your Website:
Open IIS Manager, and then in the Connections pane on the left, expand your server node, and then expand “Sites.” Select the website to which you want to add SSL.
Add HTTPS Binding:
Once you select the project, on the right-hand side, from the Actions pane, click on Bindings as shown in the below image:
It will open the following Site Binding window. Here, you need to click on the “Add” option to add a new binding, as shown in the below image:
Once you click on the Add option, it will open the following Add Site Binding window. In the “Add Site Binding” window, set the following:
- Type: HTTPS
- IP Address: All Unassigned (or your specific IP if needed)
- Port: 443 (default HTTPS port)
- SSL Certificate: Select the SSL certificate you created, i.e., localhost
And finally, click on the OK button as shown in the below image, and then close the Site Binding window.
Now, you can access your application with https protocol, and you can also see two options to browse the website in the Action pane, as shown in the image below:
Now, click on the Browse *:443 (https) option, and it should open the website using https protocol as shown in the below image:
How do we remove the Not Secure Warning while using SSL:
When you use a self-signed certificate for your localhost in IIS (Internet Information Services), web browsers typically show a “Not Secure” warning because the certificate is not trusted by default. To remove this “Not Secure” error, you need to do the following:
Open the “Manage Computer Certificates” MMC console:
Open the Run window, type certlm.msc, and press Enter. Expand “Personal” > “Certificates” in the left pane. Locate your localhost certificate in the right pane. Right-click on the certificate, choose “All Tasks,” and select “Export” as shown in the below image:
This will open the following certificate export wizard. Click on the Next button as shown in the below image.
Once you click on the Next button, it will open the following Export Private Key window. From this window, select Yes, export the private key radio button, and then click on the Next button as shown in the below image:
Once you click on the Next button, it will open the following window. From this window, select the “Personal Information Exchange – PKCS #12 (.PFX)” radio button, keep the rest of the checkboxes as they are, and then click on the Next button, as shown in the image below.
Once you click on the Next button, it will open the following Security window. Here, you need to set a password for the export (you’ll need this password later). I have provided the password as Abcd@1234 and then click on the Next button as shown in the below image:
Once you click on the Next button, it will open the following window. Here, you need to select the location, and then you need to save the exported certificate as a .pfx file, as shown in the below image. I am saving the exported certificate in the D:MyCertificate folder. I am providing the file name as MyLocalHostCertificate.pdx and clicking the Next button.
Once you click on the Next button, it will export the certificate, and you will get the following message. Verify the details and click the Finish button, as shown in the image below.
Once you click on the Finish button, you will get a message saying that the export was successful. Now, if you verify the MyCertificate folder in D drive, then you should see the following:
Install the Self-Signed Certificate:
Open the Run window, type certlm.msc, and press Enter. Then expand “Trusted Root Certification Authorities” in the left pane. Right-click on “Certificates” and choose “All Tasks” > “Import” as shown in the below image:
This will open the following window. Simply click on the Next button as shown in the below image:
Once you click on the Next button, it will open the following window. Here, we need to select the .pfx file that we exported earlier and then click on the Next button, as shown in the below image. Here, if you are unable to locate the .pfx file, then please select All files, which will show you all the files.
Once you click on the Next button, it will open the following window asking you to Enter the Password. Please enter the password that you set during export. I have set the password as Abcd@1234. So, provide the correct password and click on the Next button as shown in the below image:
Once you click on the Next button, it will open the following window. Here, choose to place the certificate in the “Trusted Root Certification Authorities” store and click on the Next button as shown in the below image:
Once you click on the Next button, it will open the following window. Simply click on the Finish button.
Bind the Certificate in IIS:
- Open IIS Manager (inetmgr).
- In the left pane, select your website or the default website if that’s where you want to use the certificate.
- In the right pane, under “Actions” click on “Bindings”
- Click “Add” to create a new binding.
- Set the type to “https”
- Select your self-signed certificate from the dropdown list.
- Set the port (usually 443) and hostname (e.g., localhost).
- Click “OK” to save the binding.
Restart IIS:
- In IIS Manager, select your server in the left pane.
- In the right pane, under “Manage server,” click on “Restart.”
Access Your Site with HTTPS:
Open your web browser. Navigate to your website using the https://localhost URL as shown in the below image:
In the next article, I will discuss How to Perform CRUD Operation on a Single Page in ASP.NET Core MVC using jQuery Ajax. In this article, I try to explain How to Use SSL in a Local IIS Server While Hosting an ASP.NET Core Application. I hope you enjoy this article: How to Use SSL in Local IIS Server While Hosting ASP.NET Core Application.
About the Author: Pranaya Rout
Pranaya Rout has published more than 3,000 articles in his 11-year career. Pranaya Rout has very good experience with Microsoft Technologies, Including C#, VB, ASP.NET MVC, ASP.NET Web API, EF, EF Core, ADO.NET, LINQ, SQL Server, MYSQL, Oracle, ASP.NET Core, Cloud Computing, Microservices, Design Patterns and still learning new technologies.