Create a Self-Signed Certificate for an IIS Website on Windows Server 2025

Create a Self-Signed Certificate for an IIS Website on Windows Server 2025

This guide shows the GUI method in IIS Manager and the PowerShell method. It also covers binding the certificate to a site and optional export.

GUI method in IIS Manager

1) Open IIS Manager (inetmgr).

2) In the Connections pane, click your server name.

3) Double-click Server Certificates.

4) In the Actions pane, click Create Self-Signed Certificate.

5) Enter a friendly name, for example MySelfSignedCert.

6) Choose the Personal store and click OK.

7) Bind to your site: expand Sites, select the site, click Bindings, add or edit an https binding, choose the certificate, then click OK.

PowerShell method

Run in an elevated PowerShell session.

Create the certificate

$hostname = "example.local"
$cert = New-SelfSignedCertificate `
    -DnsName $hostname `
    -CertStoreLocation "cert:\LocalMachine\My" `
    -FriendlyName "MySelfSignedCert" `
    -KeyLength 2048 `
    -HashAlgorithm sha256 `
    -KeyExportPolicy Exportable `
    -NotAfter (Get-Date).AddYears(1)

Create a certificate with multiple DNS names (optional)

$cert = New-SelfSignedCertificate `
    -DnsName "example.local","www.example.local","api.example.local" `
    -CertStoreLocation "cert:\LocalMachine\My" `
    -FriendlyName "MySelfSignedCert SAN" `
    -KeyLength 2048 `
    -HashAlgorithm sha256 `
    -KeyExportPolicy Exportable `
    -NotAfter (Get-Date).AddYears(1)

Bind the certificate to an IIS site with SNI

Import-Module WebAdministration

$siteName = "MyNewSite"
$hostname = "example.local"
$httpsPort = 443

# Ensure an https binding exists for the hostname
if (-not (Get-WebBinding -Name $siteName -Protocol "https" -ErrorAction SilentlyContinue | Where-Object { $_.bindingInformation -match ":$httpsPort:$hostname" })) {
    New-WebBinding -Name $siteName -Protocol "https" -Port $httpsPort -HostHeader $hostname | Out-Null
}

# Attach the certificate to the binding
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.FriendlyName -eq "MySelfSignedCert" } | Select-Object -First 1
$bindingPath = "IIS:\SslBindings.0.0.0!$httpsPort!$hostname"

if (-not (Test-Path $bindingPath)) {
    New-Item $bindingPath -Thumbprint $cert.Thumbprint -SSLFlags 1 | Out-Null
} else {
    Set-Item -Path $bindingPath -Thumbprint $cert.Thumbprint -SSLFlags 1
}

Export the certificate to PFX for client trust (optional)

$pwd = ConvertTo-SecureString "P@ssw0rd!" -AsPlainText -Force
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.FriendlyName -eq "MySelfSignedCert" } | Select-Object -First 1
Export-PfxCertificate -Cert $cert -FilePath "C:\Temp\MySelfSignedCert.pfx" -Password $pwd

Notes and recommendations

Self-signed certificates are suitable for labs and internal testing. Browsers will warn because they are not from a trusted CA.

For production, use a certificate from a trusted CA or use ACME automation such as Let’s Encrypt.

To remove browser warnings on internal machines, distribute the certificate or the issuing root to Trusted Root Certification Authorities on client devices. In an Active Directory environment, use Group Policy to deploy trust.

    • Related Articles

    • Create a New IIS Website on Windows Server 2025

      This guide covers recommended layout, IIS steps, and a PowerShell script to automate setup. Best practice folder layout • Create one folder per site outside wwwroot. • Example: – C:\inetpub\MyNewSite Step by step in IIS Manager GUI 1) Create the site ...

    • SQL Server Restore Troubleshooting (SSMS GUI)

      This guide lists common restore errors you may see when importing a .bak in SQL Server Management Studio and how to resolve them. Focus is on GUI-based fixes, with small T-SQL snippets where helpful. Quick checklist • Confirm the .bak is on the SQL ...

    • Restore a SQL Server Database from a .bak using SSMS (GUI)

      This guide shows how to restore a .bak file into SQL Server 2022 or SQL Server Express using SQL Server Management Studio (SSMS) only. No T-SQL required. Prerequisites • SSMS installed and you can connect as a login with restore rights. • The .bak ...

    • Fixed Database Roles Cheat-Sheet

      1. db_owner • Full control of the database (create/alter/drop objects, manage permissions, backup/restore, etc.). • Equivalent to being a “database admin.” • Use when: You want someone to manage everything in just one DB. ————— 2. db_datareader • Can ...

    • Popular Articles

    • How to add your Microsoft 365 Email on an iPhone using the Outlook app

      How to Set Up Microsoft 365 Email on Your iPhone Using Outlook This guide will walk you through downloading the Outlook app and adding your Microsoft 365 email account on your iPhone. ————— Step 1: Download the Outlook App 1. Open the App Store on ...

    • Outlook Error "5objp" when setting up email on Outlook App

      Follow these steps if you are having trouble signing into Outlook with your Microsoft 365 account: ————— Step 1: Start with the onmicrosoft.com Address • First, try signing in using the @myorg.onmicrosoft.com format email address. – Example: ...

    • How to update your credit card on file

      Do you need to update your credit card on file within the Twilight I.T. Customer Portal? Here is what you need to do... Step 1: Log into the portal at https://portal.twilightit.com Step 2: Click on BILLING in the top menu. Step 3: Click on PAYMENT ...

    • How to view or download invoices on your account

      Here is the process of viewing and/or downloading invoices on your account with Twilight I.T. Step 1: Log into the client portal at https://portal.twilightit.com Step 2: Click on the BILLING menu Step 3: From here you can view all your invoices. If ...

    • How to add your Microsoft 365 Email on an Android phone using the Outlook app

      How to Set Up Microsoft 365 Email on Your Android Phone Using Outlook This guide will walk you through downloading the Outlook app and adding your Microsoft 365 email account on your Android device. ————— Step 1: Download the Outlook App 1. Open the ...