c#asp.net-coresslssl-certificateiis-express
HTTPS error in ASP.NET Core app running on IISExpress - PR_CONNECT_RESET_ERROR
When I try to run this app locally (when the SSL is enabled),
I always get this page that complains about Secure Connection:
https://localhost:44300/
Secure Connection Failed
An error occurred during a connection to localhost:44300. PR_CONNECT_RESET_ERROR
- The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
- Please contact the website owners to inform them of this problem.
What I've tried so far:
- Add a self signed
localhostcertificate with this Power Shell command:
New-SelfSignedCertificate -DnsName "localhost" -CertStoreLocation "cert:\LocalMachine\My"
- Run
mmc.exeand export thatcertificatecreated by above Power Shell script from
[Console Root\Certificates (Local Computer)\Personal\Certificates]
to
[Console Root\Certificates (Local Computer)\Trusted Root Certification Authorities\Certificates.
This hasn't worked so far. If I run the app unchecking the Enable SSL, it works fine.
Please advise on a possible solution for SSL enabled environment.
Solution
Regenerating IIS Express localhost certificates worked for me:
Open
Windows PowerShell ISEusing Admin privileges.Run this script:
Start-Transcript -Path "$($MyInvocation.MyCommand.Path).log"
try {
Write-Host "Creating cert resources"
$ekuOidCollection = [System.Security.Cryptography.OidCollection]::new();
$ekuOidCollection.Add([System.Security.Cryptography.Oid]::new("1.3.6.1.5.5.7.3.1","Server Authentication")) | Out-Null
$sanBuilder = [System.Security.Cryptography.X509Certificates.SubjectAlternativeNameBuilder]::new();
$sanBuilder.AddDnsName("localhost") | Out-Null
Write-Host "Creating cert extensions"
$certificateExtensions = @(
# Subject Alternative Name
$sanBuilder.Build($true),
# ASP.NET Core OID
[System.Security.Cryptography.X509Certificates.X509Extension]::new(
"1.3.6.1.4.1.311.84.1.1",
[System.Text.Encoding]::ASCII.GetBytes("IIS Express Development Certificate"),
$false),
# KeyUsage
[System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]::new(
[System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyEncipherment,
$true),
# Enhanced key usage
[System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]::new(
$ekuOidCollection,
$true),
# Basic constraints
[System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]::new($false,$false,0,$true)
)
Write-Host "Creating cert parameters"
$parameters = @{
Subject = "localhost";
KeyAlgorithm = "RSA";
KeyLength = 2048;
CertStoreLocation = "Cert:\LocalMachine\My";
KeyExportPolicy = "Exportable";
NotBefore = Get-Date;
NotAfter = (Get-Date).AddYears(1);
HashAlgorithm = "SHA256";
Extension = $certificateExtensions;
SuppressOid = @("2.5.29.14");
FriendlyName = "IIS Express Development Certificate"
}
Write-Host "Creating cert"
$cert = New-SelfSignedCertificate @parameters
$rootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList Root, LocalMachine
$rootStore.Open("MaxAllowed")
$rootStore.Add($cert)
$rootStore.Close()
Write-Host "Creating port bindings"
# Add an Http.Sys binding for port 44300-44399
$command = 'netsh'
for ($i=44300; $i -le 44399; $i++) {
$optionsDelete = @('http', 'delete', 'sslcert', "ipport=0.0.0.0:$i")
$optionsAdd = @('http', 'add', 'sslcert', "ipport=0.0.0.0:$i", "certhash=$($cert.Thumbprint)", 'appid={214124cd-d05b-4309-9af9-9caa44b2b74a}')
Write-Host "Running $command $optionsDelete"
& $command $optionsDelete
Write-Host "Running $command $optionsAdd"
& $command $optionsAdd
}
}
catch {
Write-Error $_.Exception.Message
}
finally {
Stop-Transcript
}
It should work just fine now.
(The script is by @Shirhatti from this Github issue page: https://github.com/dotnet/aspnetcore/issues/26437)
- Simple frame by frame video decoder library
- GCC no longer implements <varargs.h>
- Contents of IO buffer unknown == unsafe?
- Avoiding strcpy overflow destination warning
- Sort program not working, not sure why
- Fast & accurate atan/arctan approximation algorithm
- What's the difference between strtok_r and strtok_s in C?
- How memory address for pointer to arrays is same as an element in 2D array?
- Which is the best way to suppress "unused variable" warning
- How to use ellipsis in c's case statement?
- How can I exclude non-numeric keys? CS50 Caesar Pset2
- Fast ceiling of an integer division in C / C++
- Is there an invalid pthread_t id?
- How to Implement Universal Setter/Getter Functions for Interrupt-Driven Variables in Embedded C?
- How does SIMD (avx) processing work? for example, if I want 10 32 bit floats how do i fit in a 256 bit avx vector?
- FDCAN problems on STM32G4
- How does the call macro enable mutual recursion between functions f and g in this Hanoi Tower implementation?
- Running test on Rocket core CPU - global variable initialized to 0 is unsuccessful, output wrong value instead
- Interacting with C arrays without knowing the size
- Combination of two strings
- carriage return by fgets
- How to use special characters in C?
- Why does 1.0/100.0 == 0.1/10.0 give True?
- Is it correct to compare pointers in C?
- Force free() to return malloc memory back to OS
- How can I print to standard error in C with 'printf'?
- What is the standard behavior of fread in C on Windows?
- How is strtok removing lines it shouldn't have access to?
- Using array as smart point in C
- Assigning string to malloced 2d char array not working as intended