Create a Self-Signed SSL Certificate Without Browser Warnings
Only for Non Production Environments
Who is this article for?
- Developers/testers who want to set up a development or testing environment that replicates the production environment using self-signed SSL certificates.
- Note: Self-signed certificates are strictly not advised for production environments.
What is a Self-Signed SSL Certificate?
In general, SSL certificates are signed by a certificate authority (CA) that is trusted by both the owner and the user. CA-signed certificates are normally used in production environments to tighten security by encrypting communication between the web browser and the web server. CA-signed SSL certificates are usually a paid service.
In development environments, where developers or testers are trying to replicate the live environment, we can use self-signed SSL certificates, which are authorised by their owner (the developer or tester) free of cost. Such a certificate will be trusted in peer-to-peer applications.
In layman's terms, a self-signed SSL certificate is like using a learner's driving license to practice your driving: you should not use it as an original license and drive inside the city.
Prerequisite:
- Windows OS installed machine
- PowerShell
Step By Step Self-Signed Certificate Creation:
- Open PowerShell and make sure you have admin rights.
- Create the self-signed certificate using the New-SelfSignedCertificate cmdlet. Make sure to use the FQDN of your system as the DNS name (see the end of this article for how to find the FQDN).
New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My -DnsName "YourFQDN" -TextExtension @("2.5.29.19={text}CA=true") -KeyUsage CertSign,CrlSign,DigitalSignature
CertStoreLocation: where the certificate will be stored; use the same value as shown.
DnsName: the name of your machine or its fully qualified domain name (FQDN). The FQDN can be used instead of the IP address or localhost to access the server.
- After the command runs, the window shows the certificate with its basic details.
View Installed Certificates in Current User with Microsoft Management Console(MMC):
- Open the Run command window by pressing Windows key+R, type “certmgr.msc” in the window that opens and click OK.
- To view the created certificate, navigate to Certificates > Personal > Certificates. You will find the certificate under the same name as the DnsName you provided.
Installing a Certificate in the Trusted Root Certification Authorities Store
Certificates signed by an authority in the Trusted Root Certification Authorities store are trusted by the computer, which avoids the browser warning about the root certificate. For that reason, make sure to remove the certificate when it is not in use, for security.
- Move the certificate you created to Trusted Root Certification Authorities -> Certificates by simple drag and drop.
- Export the certificate from Trusted Root Certification Authorities -> Certificates by right-clicking it and choosing All Tasks > Export.
- Follow the Certificate Export Wizard to back up your certificate to a .pfx file:
- Select Yes, export the private key and click Next.
- Keep the default selection (make sure NOT to select the Delete the private key option).
- Choose a password you will remember; it will be needed whenever this certificate file is used later, for example with repositories like Java KeyStore (JKS).
- Choose a location to save the file.
- Click Finish.
Avoid Browser warning in Peer computers
To avoid browser warnings on any other system, import this certificate into Trusted Root Certification Authorities on that user's system with the steps below.
1. Open the certificate snap-in, as shown above, using the Run command.
2. Open the Trusted Root Certification Authorities folder.
3. Right-click the Certificates folder and click All Tasks, then click Import.
4. Follow the on-screen wizard instructions to import the yourExportedCertificate.pfx into the store.
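The store operations above can also be scripted; the following PowerShell is an added example, not part of the original article. It differs from the wizard steps in one respect: peers receive only the public certificate (.cer), because trusting a certificate does not require its private key, and this certificate is marked as a CA. The export folder, file names and the helper name Remove-DevCertificate are assumptions.

```powershell
# Added example: scripts the certmgr.msc steps. Folder, file names and the
# DNS name are placeholders (assumptions), not values from the article.
$dnsName = "YourFQDN"                      # replace with the machine's FQDN
$outDir  = Join-Path $env:TEMP "devcert"   # hypothetical export folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# 1. Create the certificate in the current user's Personal store
#    (same parameters as the article's command).
$cert = New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My `
    -DnsName $dnsName `
    -TextExtension @("2.5.29.19={text}CA=true") `
    -KeyUsage CertSign, CrlSign, DigitalSignature

# 2. Back up certificate + private key to a password-protected .pfx.
#    This file stays on the server side (e.g. for the JKS conversion).
$pfxPassword = Read-Host -AsSecureString -Prompt "PFX password"
Export-PfxCertificate -Cert $cert -FilePath (Join-Path $outDir "dev.pfx") `
    -Password $pfxPassword | Out-Null

# 3. Export the public certificate only; this is the file to hand to peers.
$cerPath = Join-Path $outDir "dev.cer"
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# 4. Trust it: import the public certificate into Trusted Root Certification
#    Authorities. Run the same line on each peer after copying dev.cer there.
#    Expect a Windows confirmation dialog when the user's Root store changes.
Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\CurrentUser\Root | Out-Null

# 5. Check: the thumbprint should now appear in both stores.
Get-ChildItem Cert:\CurrentUser\My, Cert:\CurrentUser\Root |
    Where-Object Thumbprint -eq $cert.Thumbprint |
    Select-Object PSParentPath, Subject, NotAfter

# 6. Cleanup for when the environment is no longer in use (hypothetical helper).
#    Removes the trust entry first, then the certificate and its private key.
function Remove-DevCertificate([string]$Thumbprint) {
    Remove-Item "Cert:\CurrentUser\Root\$Thumbprint"
    Remove-Item "Cert:\CurrentUser\My\$Thumbprint" -DeleteKey
}
"To remove later: Remove-DevCertificate $($cert.Thumbprint)"
```

On a peer machine only the Import-Certificate line and, later, the Root-store removal apply, since the peer never holds the private key.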
Fully Qualified Domain Name (FQDN):
An FQDN is a unique address consisting of the host name and the domain; it is used to locate specific hosts online and access them. The FQDN is predefined by the Domain Name System (DNS).
Finding FQDN in Windows by command:
echo %COMPUTERNAME%
Finding FQDN in Linux:
hostname --fqdn
Related Topics:
Convert exported PFX file to JKS to use it with Application server like Tomcat
Have a good read!