Generating self signed SSL certificates

Back in January 2014 a security  issue was reported where Chrome would auto fill passwords on untrusted sites (sites with SSL certificate errors). Much to the inconvenience of many users, the fix  to this “bug” (released in Chrome 37) was to disable password autofill altogether on these types of sites. Like most web developers I use self-signed certificates, so all my development sites will have certificate errors. I find myself copying/pasting many dozens to hundreds of passwords daily simply because Chrome doesn’t want to autofill the field.

While there is a feature request about adding the ability to white list untrusted sites, the interim solution is to add these certificates to the trusted store. And that’s exactly what I did. I use host headers in IIS to differentiate my sites, so I need to generate certificates for each specific domain I will host. This way, they won’t have certificate issues and Chrome will remember my password. To generate these certificates, I use makecert.exe. 

First, create a trusted root CA.

makecert.exe -n "CN=Wiliam Development Root CA,O=Wiliam,OU=Development,L=North Sydney,S=NSW,C=AU" -pe -ss Root -sr LocalMachine -sky exchange -m 480 -a sha1 -len 2048 –r

And then for each domain, I create the certificate using the root CA.

makecert.exe -n "CN=*.my.dev.domain" -pe -ss My -sr LocalMachine -sky exchange -e 01/01/2100 -in "Wiliam Development Root CA" -is Root -ir LocalMachine -a sha1 -eku 1.3.6.1.5.5.7.3.1

Change *.my.dev.domain to your dev site domain. Then assign the certificate to the development site in IIS, and pow! Trusted site!