This is a bit of an aide-memoire, based on https://blogs.msdn.microsoft.com/benjaminperkins/2017/11/15/how-to-create-a-self-signed-san-certificate-wildcard-certificate-vs-san/
The short form is, you can do this in PowerShell:
- Open Powershell, running as administrator.
New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "example.local" -FriendlyName "example.local" -NotAfter $([datetime]::now.AddYears(5))
- Go to “Manager Computer Certificate” or run CERTMGR. You should see your certificate
Next, we want to trust this certificate. We’ll need to export it.
- To export the certificate file you just created as a .PFX file, right click on the certificate, All Tasks -> Export…
- When the Export menu item is selected, an export wizard is run. On the first window read through the information and click the next button.
- In the next window, select the radio button “Yes, export the private key” and then click the next button.
- Select Export Extended Properties, and click next
- Set a password for the .PFX file you want to create#
- Choose a path and export the .pfx file
Now import it into the “Trusted Root Certification Authorities” that you can see in Certificate Manager
- Expand Trusted Root Certification Authorities –> right-click Certificates –> All Tasks –> Import.
- Select the file you just exported. Note that you may need to change the file type to Personal Information Exchange.
- Click Next, Fill in your file’s password, and complete the import.
That should be it completed.
An alternative to export the cert:
Copy the Thumbprint of the cert in your Powershell window.
$pwd = ConvertTo-SecureString -String "" -Face -AsPlainText
Export-PfxCertificate -cert cert:\localMachine\my\#Thumbprint# -FilePath #FilePath# -Password $pwd