Configuring local website domain and SSL using IIS7

Creating your website

This tutorial is not really about how to add your website to IIS, but just as a quick reminder: Open IIS, expand your Computer icon, right click on “sites”, click on “Add new site…” and select the folder where it’s placed. Remember that if it’s a .Net website you may have to set the right Framework at the App Pool.

Setting a website’s domain

Our website is now running, but we have to access it using localhost or 127.0.0.1, perhaps with a port such as :8080 or :9999 to host multiple websites. You may prefer to set a domain and get rid of the port.

Select your website on the left panel, now look for the “Bindings” option on the right panel and click it, click on “Add…” and set up your new domain access:

Type: http
IP address: “All unassigned”
Port: 80 (default)
Host name: some examples:
mydomain.local
www.mydomain.local
local.mydomain.com

Make sure that the domain you set does not already exist: we are going to divert requests for it away from the Internet to our local machine, so you won’t be able to access the public one.

Diverting requests by host

Now the fun starts: open Notepad as admin and then open this file with it (you can’t do it the other way around, as Notepad needs admin permissions to modify this file): C:\Windows\System32\drivers\etc\hosts

The file has no extension so make sure you filter by “All files (*.*)” on the open file dialog.

Once opened, the file already contains an explanation and examples, but to be quick: write your localhost IP, a space, then your domain. This will redirect all requests for that host to your localhost:

127.0.0.1 local.mydomain.com

Save and close.

Setting an SSL certificate

Ok, depending on your website requirements you may need to create an SSL certificate to allow SSL requests (HTTPS) to your website. First you need to create the certificate, then bind it to the website:

Creating the certificate

Ok, in IIS, select your computer and you should see some options on the right. Find and open “Server certificates”. Click on “Create Self-signed certificate”. Give it a friendly name, preferably the same as your website name, as you may need to create more in the future and you will probably want to know which one belongs to which site (you can re-use a certificate, but this would require stopping one website to run the other, as both can’t run on the same port and a certificate has to set its port). Click Ok to create it.

Binding the certificate

Now select your website again and click on “Bindings”. You can add another Binding and this time we will choose HTTPS as the Type:

Type: https
IP address: “All unassigned”
Port: 443 (default)
Host name: – empty, can’t be set –
SSL certificate: The one you just created.

This method has a small problem, though: the certificate you just generated is not valid, as it uses your server’s name (usually the machine’s name) as the certificate’s common name, and the domain you set up is probably going to be different, even if you use localhost. So if you try to browse the website using HTTPS the browser will complain, but you have the option to “accept the certificate as valid” and move on… though you may need to do this a few times and in every browser. This can also cause issues with Fiddler.

Setting the right common name in the certificate

You will need to install the Internet Information Services (IIS) 6.0 Resource Kit Tools for this. When installing, select “Custom install” and untick everything except for SelfSSL. You can install the rest of the tools but you probably don’t need them.

Once installed, go to: Start Menu > IIS Resources > SelfSSL > SelfSSL

Execute this command changing the domain for yours (if you get an error about opening it, ignore it):
SelfSSL /N:CN=local.mydomain.com /V:1000

You will be asked if you want to proceed, answer with a “y”.

After creating this certificate, you should be able to bind it to your website using IIS. If you try to browse it, the error will have changed from “Invalid certificate” to “Untrusted certificate”, as the source is not a trusted one.

Adding a certificate to the trusted Authorities list

Well, we just need to include this certificate in your computer’s trusted authorities. To do that: Start Menu > Run/Search > mmc > enter

The Console Root will open, click on File > Add/Remove Snap-In… > Double click on Certificates > Select “Computer Account” > Next > Select “Local computer” > Finish > Ok.

Now expand the Certificates tree on the left and go to Personal > Certificates. Right click on the certificate you want to trust and select “Copy”.

Then go back to the Certificates Tree and this time go to “Trusted Root Certification Authorities” > Certificates. Right click and paste the copied one.

Done.
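
A read-only check of the whole setup, added here as an example and not part of the original post: it confirms the hosts entry, looks for a certificate whose common name matches the domain (the “Invalid certificate” case when missing), and tests whether that certificate is also in Trusted Root Certification Authorities (the “Untrusted certificate” case when not). It assumes PowerShell is available on the machine and uses this page's sample domain local.mydomain.com; the function names are made up for the example.

```powershell
# Added example: read-only verification of the local HTTPS setup.
# $HostName is the sample domain from this page; pass your own instead.
param([string]$HostName = 'local.mydomain.com')

function Test-HostsEntry {
    param(
        [string]$Name,
        [string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts"
    )
    foreach ($line in Get-Content -LiteralPath $Path) {
        $entry = ($line -replace '#.*$', '').Trim()   # strip comments
        if (-not $entry) { continue }
        $fields = $entry -split '\s+'                  # IP, then one or more names
        if ($fields.Count -lt 2 -or $fields[0] -ne '127.0.0.1') { continue }
        # -contains compares strings case-insensitively, like host names
        if ($fields[1..($fields.Count - 1)] -contains $Name) { return $true }
    }
    return $false
}

function Get-SiteCertificate {
    param([string]$Name)
    # SelfSSL /N:CN=<domain> produces a subject of the form "CN=<domain>"
    $pattern = '^CN=' + [regex]::Escape($Name) + '(,|$)'
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -match $pattern }
}

"hosts file maps $HostName to 127.0.0.1: $(Test-HostsEntry -Name $HostName)"

$certs = @(Get-SiteCertificate -Name $HostName)
if ($certs.Count -eq 0) {
    "No certificate with CN=$HostName in Personal: expect a name mismatch error"
}
foreach ($cert in $certs) {
    # The copy/paste step above places the same certificate (same thumbprint)
    # in the Trusted Root Certification Authorities store.
    $rootPath = "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
    $trusted  = Test-Path -LiteralPath $rootPath
    $expired  = $cert.NotAfter -lt (Get-Date)        # /V: sets validity in days
    "{0}  in trusted roots: {1}  expired: {2}  valid until: {3:yyyy-MM-dd}" -f `
        $cert.Thumbprint, $trusted, $expired, $cert.NotAfter
}
```

The script changes nothing, so it can be re-run after each step of the tutorial to see which part is still missing.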

Source

You have another tutorial of how to do this at sslshopper which helped me a lot. Thanks guys!
