2 April 2020
In Windows 10, it is pretty easy to create a self-signed SSL certificate. Open an administrative PowerShell and execute the following:
New-SelfSignedCertificate -DnsName localhost -CertStoreLocation "cert:\LocalMachine\My"
This will generate a certificate for localhost. You could change localhost to be any domain name that you'd like (ie: dev.mynetwork.com). Once generated, it is already loaded into the system.
The next step is to tell your computer to trust this certificate. To do that, run mmc.exe and add the Certificates snap-in using the Computer Account (Local Computer). You'll find your certificate in the Personal > Certificates node (pro tip: if you right click on your cert and choose Properties, you can give it a Friendly Name). Once you locate your cert, right click on it and choose Copy. Then, navigate to the Trusted Root Certification Authorities > Certificates node and Paste your cert in there.
That's it! Now, if you configure IIS to use this cert with a website serving the same URL that was specified when you created the cert (ie: localhost), you'll get a nice proper pad lock when you visit your website.
You can also issue a wildcard certificate for use with IIS or ADFS by using:
New-SelfSignedCertificate -DnsName "domain.com","*.domain.com" -CertStoreLocation "cert:\LocalMachine\My"
Replace domain.com with the domain you'd like to use.