34

I have enabled SSL in Visual Studio as shown below:

enter image description here

I have also set the below:

enter image description here

When I access the website via IE (via Visual Studio debugging) I see this:

enter image description here

When I access the website via Firefox (via Visual Studio debugging) I see this:

enter image description here

There is no option to progress to the website in either Firefox or IE. I have spent all day trying to understand what is wrong. What am I doing wrong?

w0051977
  • 15,099
  • 32
  • 152
  • 329
  • Do you have certificate? I suppose you use self-signed ssl certificate (not trusted) so browser prevents you to open page. When you click "Learn more" you should be able to open page despite unsecure certificate. – pwas Aug 27 '16 at 17:19
  • @nopeflow, Learn more takes me to a Mozilla troubleshooting webpage. – w0051977 Aug 27 '16 at 17:20
  • @nopeflow, how do you configure the certificate in Visual Studio? – w0051977 Aug 27 '16 at 17:21
  • Ah I see, so something else is wrong. – pwas Aug 27 '16 at 17:21
  • @nopeflow, any ideas what this is? – w0051977 Aug 27 '16 at 17:21
  • Look at [here](http://www.hanselman.com/blog/WorkingWithSSLAtDevelopmentTimeIsEasierWithIISExpress.aspx) – Oleg Aug 27 '16 at 17:26
  • @Oleg, thanks but unfortunately the warning in screenshot six does not happen. I get the annoying and useless warnings in my OP. I cannot believe how difficult this is. – w0051977 Aug 27 '16 at 17:31
  • @w0051977: Do you created self-signed SSL certificate or get free SSL certificate from letsencrypt for example (see [here](https://github.com/Lone-Coder/letsencrypt-win-simple/releases) for example)? Do you configured IIS Express to use the certificate? Wich version of Visual Studio you use? – Oleg Aug 27 '16 at 17:39
  • @Oleg, how do I do this? There is no user interface for IIS Express. I can create a self signed certificate in IIS (full version) and bind it to a website. Is there a way to do this in IIS Express? – w0051977 Aug 27 '16 at 17:45
  • @w0051977: Look at `%USERPROFILE%\Documents\IISExpress\config\applicationHost.config`. One can edit the configuration manually. Moreover there are exist `"%ProgramFiles%\IIS Express\IisExpressAdminCmd.exe"` described in [the article](http://www.hanselman.com/blog/WorkingWithSSLAtDevelopmentTimeIsEasierWithIISExpress.aspx), which I posted you originally (see "APPENDIX Z"). The utility simplify some steps of the SSL configuration. – Oleg Aug 27 '16 at 17:54
  • Did you try browsing as https://localhost:44314. It's not recommended to test SSL with IP as certificates are bound to domain(s) name. – Ravi A. Aug 27 '16 at 18:02
  • @Ravi A, yes I did. If I specify localhost then IE searches Goo9gle for the word localhost when I run the app in Visual Studio, which is really annoying. I have no idea what is wrong. – w0051977 Aug 27 '16 at 18:04
  • Try typing it completely - h ttps://localhost:44314 . (remove the space to avoid SO formatting) – Ravi A. Aug 27 '16 at 18:06
  • @Ravi A, I did. It searches Google for the word: localhost. – w0051977 Aug 27 '16 at 18:08
  • Can you try this for the search problem http://stackoverflow.com/questions/10764008/localhost-doesnt-open-in-ie9 – Ravi A. Aug 27 '16 at 18:15
  • @Oleg, when I get to the stage of: "Take the hash and plug it in to the end of THIS command:" the batch statement runs constantly as if it is in a continuous and infinite loop. I cannot believe how difficult this is. I thought it would be a fifteen minute job this morning. Sixteen hours so far. – w0051977 Aug 27 '16 at 19:31
  • @w0051977: Do you mean that `netsh http add sslcert ipport=0.0.0.0:443 appid={214124cd-d05b-4309-9af9-9caa44b2b74a} certhash=YOURCERTHASHHERE` works long lime? The `IisExpressAdminCmd.exe` Utility should do the same and you even don't need to search for `certhash`. About sixteen hours: sorry, but I'm not an author of IIS Express. Some things are really not so easy. Good SSL configuration take time. Is your computer has public DNS name (do you use Dynamic DNS providers for example) and web site available from the internet (TCP ports 80 and 443 are opened)? You can get public SSL certificate. – Oleg Aug 27 '16 at 19:48
  • Can anyone else help please? I have tried following the long, convoluted post that Oleg posted but that has not helped. – w0051977 Aug 28 '16 at 08:55
  • I have also tried this post: http://www.codeproject.com/Tips/766918/Visual-Studio-Use-HTTPS-SSL-On-Web-Application-Pro. I am not prompted with the message: "would you like to trust the IIS Express SSL Certificate" and no certificate appears in the certificate store after enabling SSL. Please help. – w0051977 Aug 28 '16 at 08:57
  • If you are okay to start from scratch you can try this http://www.hanselman.com/blog/WorkingWithSSLAtDevelopmentTimeIsEasierWithIISExpress.aspx – Ravi A. Aug 29 '16 at 06:40
  • Usually it means the default certificate bindings set by IIS Express installer has failed, and you should remove and reinstall IIS Express via Programs panel. – Lex Li Dec 27 '16 at 08:44

5 Answers5

80

I see this EXACT problem from time to time, when using SSL, and have found that (especially when working on someone else's project in a team environment) the Visual Studio project web settings (SSL ports) sometimes get messed up. Here's what I do to fix them:

  • In Solution Explorer, click your project.
  • Hit the F4 key (view properties).
  • Copy the URL (NOT the SSL URL).
  • Paste the URL into the Project Url on the Web Tab, Save.
  • In Solution Explorer, click your project.
  • Hit the F4 key (view properties).
  • Change SSL Enabled to false.
  • Change it back to true. There should be a new SSL URL. Copy it.
  • Paste the new SSL URL into Project URL on Web tab. Click Create Virtual Directory.
  • Click Override application root URL, and paste in SSL URL. Save.

This always solves the issue for me.

XjeaxaxX
  • 827
  • 6
  • 4
  • Thank you man. This solved my issue, after 1 hour of hustling with VS. – Mosia Thabo Nov 06 '19 at 11:59
  • Thank you. You have helped me to avoid struggle with this. – Richard Dias Nov 07 '19 at 02:31
  • HOURS of troubleshooting solved by this. Thank you! – Ricky Apr 23 '21 at 02:37
  • Since modern browsers FORCE an SSL requirement and IE is being buried, this is invaluable information. Thank you so so much - this buys me some time to upgrade some legacy applications. – Craig Jun 21 '21 at 11:37
  • This solved my problem, I've been working around it for a couple of years now with this on-and-off project of mine, and I finally got fed up this go-round and found this. Thanks so much! – YtramX Aug 22 '23 at 19:01
43

Say you have a .NET MVC or Web API project and you’d like to run it on SSL. In other words you’d like to start up the project on a URL similar to https://localhost:xxxx. The first step is easy. You just select the MVC/Web API project name in the solution and locate the property called “SSL Enabled” in properties window:

Enable SSL in Visual Studio properties window

The same properties window will also show the HTTPS url for the application. In the above example it’s https://localhost:44300/. Copy that URL and go to the project properties window. Locate the Web tab and override the Project Url property with the https address:

Override project url to https

Start the application. You’ll likely get a message in the browser saying that the localhost address is not trusted, you can continue to the website at your own risk. Here’s a Chrome example in Swedish:

Localhost is not trusted

The problem is that the certificate that was installed automatically for you by Visual Studio is not trusted. You can locate the certificate in the Personal folder of the computer-level certificates in the certificates snap-in:

localhost certificate in certificates snap-in

If you double-click the certificate you’ll see that it’s not trusted:

localhost certificate is not included among trusted certificates

The message also provides the solution: the certificate must be imported into the trusted root certification authorities folder. You’ll see that as a folder in the same snap-in just below “Personal”. So how can we do that?

EXPORT

  • Right-click the certificate
  • Select All Tasks
  • Export… from the context menu.
  • Click Next on the certificate export wizard.
  • Leave the “Do not export the private key” option untouched, click Next.
  • Accept the default on the next screen, i.e. “DER encoded binary X.509” should stay selected, then click Next.
  • Provide a name and a location for the exported file. Call it “localhost” and save it in a location where you can easily find it.
  • Click Next and the Finish.

There should be a popup message saying that the export was successful.

IMPORT

  • Next right-click the folder called Trusted Root Certification Authorities and select All Tasks
  • Import… from the context menu.
  • Leave the “Local Machine” option untouched in the certificate import wizard, click Next.
  • Browse to the certificate you saved just before.
  • Click Next and accept all the default values along the way until you reach the end of the wizard.

There should be a message saying that the import was successful.

If you now go back to the Personal store and double-click the localhost certificate then you should see that it’s trusted:

localhost certificate is now trusted

OK, let’s start the .NET web project again, the opening page should open without any warning. If you still see the same issue then test it a brand new browser session, e.g. here in IE:

localhost is loaded in browser without issue

You can also view the extracted certificate from the browser window. Here’s an example from IE:

Certificate details from internet explorer

DreamTeK
  • 32,537
  • 27
  • 112
  • 171
Ahmad Hamdy
  • 551
  • 4
  • 4
  • 2
    Do you know how to do this in Visual Studio for Mac (Xamarin)? – Matt W Jan 29 '17 at 21:09
  • I get to the point after adding the https address into the properties window, then when I run I just get 502s back... – Chris Surfleet May 04 '17 at 13:09
  • 1
    Sorry @MattW I don't know how to do it on MAC – Ahmad Hamdy May 17 '17 at 11:18
  • This worked for me, but note that the Properties window is not the one you get when right-clicking the project and choosing "Properties". You need a different properties window. I've not been able to find a way to open it when the project is selected, but if you right click any other file and choose properties you open the correct window. Then navigating back to the project will update that properties window to show you the SSL settings. – Brad Irby Jan 18 '19 at 13:08
  • what if I am getting the error that localhost is not trusted but the certificate is valid? – fballer87 Feb 06 '21 at 01:08
  • @BradIrby and anyone who will need it, just press F4 when project is selected – alfoks Oct 12 '21 at 14:59
5

@MattW I am using Mac and was facing this issue. I am using Visual Studio 2019 for Mac on macOS Catalina. I opened the "Project Options" for my project and changed "HTTP" to "HTTPS" in "App URL" under Default Run Configuration for ASP.NET Core

Screenshot: Project Options in VS 2019 for mac

I already had a self-signed certificate for localhost, so Visual Studio gave me a message box asking me to use that Development certificate from Keychain. It asked for my password and used the certificate. The application worked without any issue on "HTTPS"

Screenshot: Development certificate found message

In case you do not have the development certificate you can generate one, using the following command in your Mac:

dotnet dev-certs https --clean
dotnet dev-certs https --trust

Read more at https://learn.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-3.1&tabs=netcore-cli

Arvind Maurya
  • 910
  • 12
  • 25
Imtiaz
  • 83
  • 1
  • 6
3

If you have a Web Site project, with the globe icon in Solution Explorer, enabling SSL goes a little different from a Web App project, with the globe in a rectangle, to which the other answers apply.

The Web Site project does not have the Web Tab. Instead, copy the SSL URL from the project properties (F4) to the Start Url in the project property pages (Shift F4). This step is optional, but if you don't do it, you will have to type the SSL port number manually in your browser.

Besides, for any type of web project, it does not really matter which port number you enter in Properties. The simplest is to accept the number filled in as default by VisualStudio, but another free port number will work just as well.

Of course, you will work with a self-signed certificate, i.e. signed by VS. So the browser might complain about this, and in order to debug your project with SSL, you will have to accept an exception in the browser.

Roland
  • 4,619
  • 7
  • 49
  • 81
  • Still applies in 2021 as I work on legacy web apps to enable ADFS authentication! Thanks – Jamie Dec 13 '21 at 19:15
1

This problem occurs for me when my IIS localhost development certificate expires. I took the solution from here.

  • Delete the installed development certificate. (run MMC.exe, "Find Certificates" with the name "localhost", and delete expired ones.

  • Clear SSL State (Control Panel -> Internet Options -> Content -> Clear SSL State)

  • Install a new dev certificate (in command window dotnet dev-certs https --trust)

Ben Adams
  • 121
  • 1
  • 5
  • I didn't even have to install a new dev cert - VS did that for me automatically - but the SSL state was still being cached, so your second step did the trick. Thanks – oflahero Aug 28 '23 at 13:51