How do I restore a missing IIS Express SSL Certificate?

Question

Windows 10 users: Repair is only in the Control Panel, not in the Add Remove programs app. I typically run appwiz.cpl to launch the old control panel applet and run repair from there.

Windows 7 and 8.1: After going to Add/Remove Programs and choosing the "Repair" option on IIS Express, the certificate has been reinstalled and I can now launch IIS Express sites using HTTPS.

The certificate is back:

And I can now launch the IIS Express site using HTTPS:

For Visual Studio 2015, IIS Express 10, Windows 10, these options didn't work for me. IIS Express 10 didn't have a repair option.

I managed to solve the problem using the IisExpressAdminCmd.exe command available at C:\Program Files (x86)\IIS Express.

From an elevated command prompt run:

cd C:\Program Files (x86)\IIS Express
IisExpressAdminCmd.exe setupsslUrl -url:urlToYourSite -UseSelfSigned

Replacing urlToYourSite with your url.

e.g.

cd C:\Program Files (x86)\IIS Express
IisExpressAdminCmd.exe setupsslUrl -url:https://localhost:44387/ -UseSelfSigned

After that I closed IIS Express and restarted my site from Visual Studio and it prompted to automatically trust the self-signed certificate.

Hope that helps.

Also note that for IIS Express to work with SSL, the port used needs to be in the 44300 through 44399 range (http://www.iis.net/learn/extensions/using-iis-express/running-iis-express-without-administrative-privileges).

So, if you're using IIS Express in Visual Studio, make sure the port selected is in the required range: vs setting for iis express

Sometimes this error is because of a different certificate installed for localhost. If that is the case, there is no need to restore the IIS Express certificate. Instead, you can do the following to tell IIS Express to use your existing certificate:

1. Open the Certificates MMC snap-in as described here
2. Find your localhost certificate e.g. under Personal...Certicates and get its thumbprint:
   1. Bring up the properties dialog for the localhost certificate and find the Thumbprint property
   2. Paste the thumbprint value into Notepad (or whatever) and remove the spaces and any special characters at the beginning
3. Find the port value of your IIS Express project:
   1. Go to the project properties in Visual Studio and finding the "SSL URL" value, e.g. "https://localhost:44300/MyApp".
   2. In this example 44300 is the port number. If yours is different, change that value in the later commands.
4. Use the following commands in an administrative command prompt (not Powershell):

netsh http delete sslcert ipport=0.0.0.0:44300

netsh http add sslcert ipport=0.0.0.0:44300 certhash=your_cert_hash_with_no_spaces appid= {123a1111-2222-3333-4444-bbbbcccdddee}

The Guid in the above command can be replaced with one that you generate. It does not correspond to any existing IIS Express value.

For further reference see Handling URL Binding Failures in IIS Express.

With new Chrome 58, nothing from the answers below will help. I've just spent 1 hour uninstalling / reinstalling certificates and trying to find out where the problem is.

Apparently Chrome 58 will refuse certificate because "missing_subjectAltName"

The solution is either "badidea" passphrase or if you need to open popups for login you have to use:

chrome://flags/#allow-insecure-localhost

The source is and the upvote belongs to: https://stackoverflow.com/a/38926117/2089232 :)