It’s possible to run IIS-hosted WCF locally, with SSL.
Here’s the full guide: Configure an IIS-hosted WCF service with SSL.
To generate self-signed trusted SSL certificate, see How to Create Valid and Trusted SSL Certificate (Wildcard) for Development.
Just in case you need it, for web application to run on IIS Express with SSL, see: Enable SSL in IIS Express
It’s possible, fairly easy too. I am running Visual Studio 2013.
Highlight Web project from your Solution Explorer.
Under “View” menu, click on “Properties Window” (CTRL + W, P). Then, change “SSL Enabled” property to True
The first you run the web application, you will be shown a warning message that you run on SSL. Then, Security Warning message to install certificate, just “Yes” it out.
You can now browse to HTTPS of the web app by clicking on the IIS Express. The port of HTTPS address may be different than non-SSL.
Your browser may show untrusted SSL certificate. If you prefer trusted SSL certificate, you can generate this yourself. How to Create Valid and Trusted SSL Certificate (Wildcard) for Development.
For configuring IIS-hosted WCF to run on SSL, see Configure IIS-Hosted WCF to Run On SSL.
For development purpose, sometime you need trusted SSL certificate that won’t give you certificate validation error. To avoid this problem, you can buy valid certificate from trusted CA. Another way is to create your own. This will guide you how to create trusted root certificate authority and self-signed certificate.
Following are required tools:
Both of these files can be found in your Microsoft SDKs folder, or try search in one of the following folder. If your machine is 32-bit, search under “Program Files (x86)” folder instead.
It’s a good idea to create a new folder and place all files in the new folder. When running the commands to create the certificates, run it under the new folder as well.
C:\DevCert> makecert.exe -r -n "CN=dev.root" -pe -sv dev.root.pvk -a sha1 -len 2048 -b 01/01/2014 -e 12/31/2200 -cy authority dev.root.cer C:\DevCert> pvk2pfx.exe -pvk dev.root.pvk -spc dev.root.cer -pfx dev.root.pfx
You can change certificate name, valid to and valid from dates (-n “CN=dev.root”, -b 01/01/2014, -e 12/31/2200, respectively), to whatever you like.
You may be prompted to create a password. This is the password to your private key.
This command will generate 3 certificates:
Install “dev.root.cer” root certificate to the store (Computer Account), under “Trusted Root Certification Authorities” folder.
C:\DevCert> makecert.exe -iv dev.root.pvk -ic dev.root.cer -n "CN=dev.site" -pe -sv dev.site.pvk -a sha1 -len 2048 -b 01/01/2014 -e 12/31/2200 -sky exchange dev.site.cer -eku 1.3.6.1.5.5.7.3.1 C:\DevCert> pvk2pfx.exe -pvk dev.site.pvk -spc dev.site.cer -pfx dev.site.pfx
You can change certificate name, valid to and valid from dates (-n “CN=dev.site”, -b 01/01/2014, -e 12/31/2200, respectively), to whatever you like.
You may be prompted to create a password. This is the password to your private key.
This command will generate 3 certificates:
You can create a wilcard certificate by prepend “*” (asterisk) on certificate name, for example:
C:\DevCert> makecert.exe -iv dev.root.pvk -ic dev.root.cer -n "CN=*.dev.site" -pe -sv w.dev.site.pvk -a sha1 -len 2048 -b 01/01/2014 -e 12/31/2200 -sky exchange w.dev.site.cer -eku 1.3.6.1.5.5.7.3.1
In Certificate snap-in of Management Console (mmc):
To use certificate as SSL certificate, the CN name must match host name of the site. For example, if the site has host name “dev.site”, the certificate CN’s name must also be “dev.site”.
To use wildcard certificate in multiple sites as SSL certificate for the same IP address, it must have valid host name (ie, *.dev.site). With this approach, each site using the wildcard certificate must have different host name (ie, blog.dev.site and news.dev.site).
