I'm working on a Web Application in ASP.NET and there are certain pages that are displayed over https because we deal with credit card numbers, usernames and passwords. In these pages, I make sure that they're being displayed over a secure connection and if they're not, I don't display anything. That way, if someone was to manually enter the URL or edit it, they wouldn't end up displaying the sensitive data on an insecure connection.
That's all working perfectly, I don't really need any help with that. The problem is that when I am running my development version of the application on http://localhost/website
, the requests for https://localhost/website/pagename.aspx
result in an error because I don't have a Secure Certificate on my own machine. I currently work round the problem by commenting out the lines of code in my application that normally check the connection is secure before returning content. That's not ideal, though, as I sometimes forget to uncomment the lines before deploying an update and it means I can't use certain hyperlinks in my application because they open pages in https.
Is there a way I can set up a test secure certificate on my machine purely for testing? How do other people handle this situation. Surely large companies don't buy a secure certificate for each developer in their team?