2

I am trying to follow the instructions in this post: http://www.codeproject.com/Tips/766918/Visual-Studio-Use-HTTPS-SSL-On-Web-Application-Pro. I am not prompted with the message "Would you like to trust the IIS SSL certificate?"

No certificate appears in the certificate store as shown below:

enter image description here

What am I doing wrong please? Please see the warnings I get from IE and Firefox when launching the app in Visual Studio here: Enable SSL in Visual Studio

Community
  • 1
  • 1
w0051977
  • 15,099
  • 32
  • 152
  • 329
  • 1
    Which **version** of Visual Studio you use? Has your computer public DNS name (by usage dynamic DNS for example) or you want to use SSL *only locally* on your computer and your web site should be not available from outside via SSL? The problem is: SSL will be established between the client and the server and *both* sides have to trust the certificate. – Oleg Aug 28 '16 at 11:19
  • If you need *self-signed* certificate, then the usage of `makecert.exe` is the most simple and clear way to generate and install the certificate. If your computer have public DNS name then creating public SSL certificate would be the best choice. You can get such certificate for free from many provides. It will simplify any future scenarios of usage. – Oleg Aug 28 '16 at 11:27
  • @Oleg, I have made some progress. See my answer. The only confusion is that I did not have to create a binding in the ApplicationHost.config file as per your link here: http://www.hanselman.com/blog/WorkingWithSSLAtDevelopmentTimeIsEasierWithIISExpress.aspx. Do you know why? – w0051977 Aug 28 '16 at 11:59
  • Please answer on the question which I asked you multiple times: **"Which version of Visual Studio you use?"** About binding: could you open `%USERPROFILE%\Documents\IISExpress\config\applicationhost.config` and search for `` which you try to use with SSL. I suppose that you do made the binding. – Oleg Aug 28 '16 at 12:11
  • @oleg, Sorry, it is Visual Studio 2015 Community Edition. It is a localhost. – w0051977 Aug 28 '16 at 12:13
  • @oleg, I have opened: %USERPROFILE%\Documents\IISExpress\config\applicationhost.co‌​nfig and done a search for: https. No results were found. – w0051977 Aug 28 '16 at 12:17
  • Could you include the `` for your site inside of `` of `%USERPROFILE%\Documents\IISExpress\config\applicationhost.co‌​nfig`? – Oleg Aug 28 '16 at 12:18
  • @oleg, I could add it. I am just wandering why it works without it. I am wandering if it has something to do with localhost. – w0051977 Aug 28 '16 at 12:21
  • Do you tried to open the web site inside of Visual Studio only? `%USERPROFILE%\Documents\IISExpress\config\applicationhost.co‌​‌​nfig` is not the only file, where you can configure the settings of the IISExpress site. If you use Visual Studio GUI, then you don't have full control what happens in the background. If you can't find any configuration of your site in part of `%USERPROFILE%\Documents\IISExpress\config\applicationhost.co‌​‌​nfig`, than the configuration is in other file. For example, `$(solutionDir)\.vs\config\applicationhost.config`. – Oleg Aug 28 '16 at 12:52
  • Sorry, but yesterday I posted you the reference to the Hanselman's post. What you did today was all only the steps from the post. Isn't so? Nevertheless it failed yesterday, but it works today. There are **many steps**, which one have to do and only the exact examination of all steps can could answer on your question. – Oleg Aug 28 '16 at 12:53
  • @oleg, thank you. I can see the binding instructions in the applicationconfig file located in the .vs folder. Visual Studio must of written to that file for me. Therefore this question is now answered. If you want to answer the question with the link you posted yesterday then I will mark it. Do you know why the applicationhost.config is being used in the .vs folder. I assume it is configured somewhere. – w0051977 Aug 28 '16 at 13:07

3 Answers3

0

I have made some progress by following these steps:

    1) Click on the project name then F4 or View -> Properties Window
    2) Set SSL Enabled to: True
    3) Make a note of the SSL URL that is generated.  In my case it is: https://localhost:44334/
    4) Right click on the project name and select: Properties
    5) Set Project URL to the URL noted in step 3 i.e. https://localhost:44334/
    6) Open up a command prompt and run: "C:\Program Files (x86)\Windows Kits\8.1\bin\x64\makecert.exe"  -r -pe -n "CN=localhost" -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12.  
    7) Go to mmc.exe and get the thumbprint of the certificate
    8) Run the following from a command line: netsh http add sslcert ipport=0.0.0.0:44334 appid={214124cd-d05b-4309-9af9-9caa44b2b74a} certhash=2f11d025f2bc8802b45ceb7e03632eec333bc1ff.  2f11d025f2bc8802b45ceb7e03632eec333bc1ff is the thumbprint from step 8 and 44334 is the port from step 3.
    9) Run: netsh http add urlacl url=https://localhost:44334/ user=Everyone
    10) Launch the web app and I see this (
which looks a lot better):

enter image description here

11) Go to MMC find the "personal" certificate and then move it to: Trusted Root Certification Authorities.

Then it works.

All of the steps described above can be found in this post: http://www.hanselman.com/blog/WorkingWithSSLAtDevelopmentTimeIsEasierWithIISExpress.aspx. I have summarize the steps I followed in case I (or anyone else) wants to refer to it in future - the article is quite long. Note that in my case: applicationhost.config was written to automatically by Visual Studio, whereas in the link the writer advises you to manually write to the following file: C:\Users\Ian\Documents\IISExpress\config\applicationhost.config. My application.config file was found in the .vs\config folder.

Matt
  • 4,261
  • 4
  • 39
  • 60
w0051977
  • 15,099
  • 32
  • 152
  • 329
  • You should try Jexus Manager http://Jexusmanager.com which simplifies the steps with IIS Manager style wizards. – Lex Li Aug 29 '16 at 04:55
0

Configuring of IIS Express to use SSL consist from many steps, which are a little tricky at the first usage. The most important parts, which one have to do, are the following:

  • create/get/generate SSL certificate. One can use MakeCert.exe for example to generate self-signed certificate. Look at %ProgramFiles(x86)%\Windows Kits\10\bin\x64 or %ProgramFiles(x86)%\Windows Kits\8.1\bin\x64 for the MakeCert.exe utility. The certificate have to be imported in "Trusted Root Certification Authorities" or "Third-Party Root Certification Authorities" additionally to make it trusted on the local computer (or for the local user).
  • IIS Express uses underlying HTTP.SYS of the operation system to process all HTTP/HTTPS requests. Thus one have to configure it, for example, by usage netsh http add sslcert ... and netsh http add urlacl ... or by using of "%ProgramFiles%\IIS Express\IisExpressAdminCmd.exe" utility with setupFriendlyHostnameUrl parameter.
  • configure Visual Studio project to use HTTPS for debugging and to create binding with HTTPS for IIS Express. One can run IIS Express in general without Visual Studio. Then including of new <binding> issue for the web site should be included in %USERPROFILE%\Documents\IISExpress\config\applicationhost.co‌​‌​‌​nfig. If one uses IIS Express only inside of Visual Studio, then the corresponding binding will be inserted by Visual Studio in the $(solutionDir)\.vs\config\applicationhost.config file.

I'd recommend you to read and to follow the old article posted by Hanselman in 2011. The information is still guilty today.

Oleg
  • 220,925
  • 34
  • 403
  • 798
0

just repair your visual studio to regenerate IIS Express Development Certificate.

Ali Shokri
  • 1
  • 2