Chrome uses different localhost SSL certificate than Visual Studio

Question

VS 2019 16.5.0 Preview 5 Windows 10 Chrome Version 80.0.3987.163 (Official Build) (64-bit)

I Googled this and am unable to find an answer.

I am trying to run a simple asp.net core MVC app with TLS on localhost.

What I did is I created a new project then in the project settings I enabled SSL and the URL I got I copied as App URL

App starts properly and TLS CA is not trusted? I followed the example here: https://stackoverflow.com/a/48790088/4950215 and I added the certificated Located in Personal/Certificates folder to Trusted Root Certification Authorities - Certificates manage computer certificates now showed that the CA is trusted.

I reloaded the app and I saw that the localhost SSL certificate used by Chrome is different than the one registered on my computer, and therefore the CA is still not trusted.

Answer 1

In my case this worked:

1. Clean the old certificate and generate a new trusted one. Run the commands listed below:

   dotnet dev-certs https --clean

   dotnet dev-certs https --trust

2. Go to %APPDATA%\Microsoft\UserSecrets and delete all of the directories

3. Re-run the application. It should now run with no SSL errors

source: https://joeblogs.technology/2021/11/neterr_cert_date_invalid/

Answer 2

I have found the issue:

Basically, for whatever reason, I had a localhost installed on my LocalComputer store certificates. This made me think that Visual Studio created it, in reality VS creates certificates in the CurrentUser store, as visible by the open code in the dotnet repo.
Typically the procedure, for generating and TLS certificate by VS, is expected to go as such:

1. A .NET Project is marked as HTTPS, and you try to run it.

2. VS checks if a certificate is present in the CurrentUser store, asks to create one if it's not

3. User clicks YES, to creating a certificate, initially the certificate is installed in the CurrentUser/Personal/Certificates store

4. VS then sees that you do not have a localhost certificate in CurrentUser/TrustedRootCA/Certificates, and makes a prompt to ask you if you would like to install one, you click YES - everything is done.

Now if for some reason you are like me... and your CurrentUser/Trusted Root Certification Authority/Certificates is read only. Then you end up on the following line of the code:

           case EnsureCertificateResult.FailedToTrustTheCertificate:
                reporter.Warn("There was an error trusting HTTPS developer certificate.");

Because well step 4 failed...

To mitigate this:

1. Open the CurrentUser and LocalComputer stores. You can do that by following this microsoft guide, or just type certlm.msc and certmgr.msc in the Start.
2. Right click Export on the localhost certificate in CurrentUser store and export it as with the default options
3. Try importing the same certificate in the Trusted Root Certification Authorities/Certificates folder of the CurrentUser store.
4. If step 3 failed,which it should have because you wouldn't be in this predicament otherwise, import your certificate in the Trusted Root Certification Authorities/Certificates folder of the LocalComputer store.

Now everything should work. Hopefully you wouldn't have spent 6 hours on this, like I did.