1

My Chrome browser stopped accepting SSL certificates recently because of missing Subject Alternative Name. We have fixed this at production server by generating a proper certificate (here an example of building a certificate). Now it still complains on my local PC when I debug (running with F5) - the site loads extremely slow because of it, so I would really like to fix it.

I now that there is a localhost certificate that Visual Studio uses to sign the site when debugging (I'm using IIS Express). I've tried to replace this certificate with the one with SAN I've generated, but it just stopped working and the site doesn't load anymore with ERR_CONNECTION_RESET

What is the proper way of fixing certificate problems for local debugging in VS?

Community
  • 1
  • 1
Archeg
  • 8,364
  • 7
  • 43
  • 90
  • Note: A recent Chrome 'broke' this so any old articles on the subject may very likely turn out to be a red herring : http://darranshepherd.co.uk/technology/2017/04/20/self-signed-certificate-with-subject-alternative-name-for-iis-express.html – Simon_Weaver May 05 '17 at 23:53

1 Answers1

1

You have to add code in webconfig file. It will stop the rewrite for any localhost addresses but leave it in place in a production environment. http://www.hanselman.com/blog/WorkingWithSSLAtDevelopmentTimeIsEasierWithIISExpress.aspx might help. Do not forget to change your port number range like :44300-:44398. hope it help you.

Vinutha N
  • 156
  • 6
  • Thanks for your answer. I think I was able to fix a problem - the url you gave contains the necessary info, but it is not included in your answer. If you could edit it to add the necessary details, I can mark it as accepted. I had to: 1) Remove all localhost certificates and add my own as "Personal" from pfx file 2) Call `netsh http delete sslcert ipport=0.0.0.0:` and then `netsh http add sslcert ipport=0.0.0.0: appid={} certhash=` 3) Move certificate to Trusted Authorities 4) Add certificate as trusted authority in Chrome settings – Archeg May 01 '17 at 11:19
  • i am out of city. so communicating in mobile and as soon i come back to work surly i will edit my answer. – Vinutha N May 01 '17 at 11:41
  • It stopped working for the next day (probably because of the restart), so I had to continue investigate it. After I: 1) Changed certificate fields to be the same as in original IIS certificate 2) Did not do (3) from previous comments it seems to become stable. So my certificate in two places right now: in Personal folder in `mmc` and in Trusted folder in Chrome – Archeg May 02 '17 at 08:29