
HowTo: Use self-signed certificates during Windows Apps development (no code required)
16 December 2014
TL;DR: My solution was to save my self-signed certificate in DER format, stick it on a local IIS site, load the URL to the certificate in my mobile emulator, open the file (when prompted) and install the certificate. Having done this, my mobile now trusts that certificate and I am free to play to my heart’s content over HTTPS.
I have recently been writing a sample application for implementing OpenID Connect on the Windows Runtime (Universal App for Windows and Windows Phone) and ran into issues when attempting to connect to a service running over HTTPS but using a self-signed certificate.
As would be expected, the phone doesn’t know anything about the certificate and rightly doesn’t proceed with the communication.
The annoying issue is when this happens without you receiving any notification, such as when I was using WebAuthenticationBroker.AuthenticateAndContinue.
When the certificate trust fails, calls using the WebAuthenticationBroker will result in a misleading WebAuthenticationStatus being returned, namely UserCancel.
A quick search found many ways to solve this issue through code or by modifying my application manifest. My issue with these solutions was the fact that, in my case, the error only exists in the development environment. I certainly don’t want to write code into my client to ‘ignore certificate errors’. I also don’t want to add all test certificates into the application manifest.
My Solution
Here’s what I found worked for me.
1. Save self-signed certificate
The service I was hosting over HTTPS happened to be running under IIS Express. IIS Express installs a self-signed certificate on your machine, so what we want to do is export that certificate into a file that can be downloaded by our phone. There are a couple of ways you can export the certificate, but the easiest way for now is to navigate to the service being hosted over HTTPS, click on the ‘secure padlock’ symbol, and select Certificate Information (Chrome).
This presents the standard Windows dialog for certificate information. What you want to do is switch over to the Details tab and click the Copy to file… button. Follow through the rest of the Certificate Export Wizard steps (choosing the DER format, as in the TL;DR above) and you will have a file containing the certificate.
2. Host the certificate file on a web server
Now you just need to get that certificate onto your Windows Phone emulator somehow. The way I did it was to simply place the cert file in the root of a local IIS website. One thing you must do is add a MIME type to the IIS configuration to allow .cer files to be downloaded, as I found that IIS doesn’t know how to deal with that file type by default.
Simply navigate to your web site in IIS Manager, switch to the MIME Types setting panel and add an entry for the .cer file extension with the MIME type of application/octet-stream.
3. Open the certificate in your emulator’s browser and install
In a browser on your phone emulator, navigate to the site hosting your certificate file, select OPEN when prompted, followed by Install. This should be all you need to do.
4. Test HTTPS connection
In a browser on your phone emulator, navigate to your HTTPS site now and ensure that you no longer get certificate error warnings.
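
Steps 1 and 2 can also be scripted. The following PowerShell is an added example, not part of the original post: it exports only the public certificate in DER format and scopes the .cer MIME mapping to the one site. It assumes the IIS Express certificate is in the LocalMachine\My store with subject CN=localhost; the site root path and file name are hypothetical.

```powershell
# Added example, not from the original post.
# Assumptions: the IIS Express certificate sits in LocalMachine\My with
# subject CN=localhost; $SiteRoot and $FileName are hypothetical names.
param(
    [string]$SiteRoot = 'C:\inetpub\devcert',
    [string]$FileName = 'iisexpress-dev.cer'
)
$ErrorActionPreference = 'Stop'

# Step 1: find the unexpired self-signed localhost certificate (issuer == subject).
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.Subject -eq 'CN=localhost' -and
        $_.Issuer -eq $_.Subject -and
        $_.NotAfter -gt (Get-Date)
    } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw 'No unexpired self-signed CN=localhost certificate found.' }

# -Type CERT writes a DER-encoded .cer holding only the public certificate;
# the private key never leaves the certificate store.
$target = Join-Path $SiteRoot $FileName
Export-Certificate -Cert $cert -FilePath $target -Type CERT | Out-Null

# Step 2: map .cer to application/octet-stream for this site only.
# <remove> first avoids a duplicate-entry error if a mapping is inherited.
$webConfig = Join-Path $SiteRoot 'web.config'
if (Test-Path $webConfig) {
    Write-Warning "$webConfig exists; add the mimeMap entry to it by hand."
} else {
    @'
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <staticContent>
      <remove fileExtension=".cer" />
      <mimeMap fileExtension=".cer" mimeType="application/octet-stream" />
    </staticContent>
  </system.webServer>
</configuration>
'@ | Set-Content -Path $webConfig -Encoding UTF8
}

# Compare this with the Thumbprint field on the certificate's Details tab.
"Exported $target"
"SHA-1 thumbprint: $($cert.Thumbprint)"
```

Because the trust is installed on the emulator rather than coded into the client, the app keeps normal certificate validation in every other environment.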