I recently changed my IDE from VS 2019 to 2022 and I have not been able to successfully debug an SSL web site without receiving the popup message:

This project is configured to use SSL. To avoid SSL warnings in the browser you can choose to trust the self-signed certificate that IIS Express has generated. Would you like to trust the IIS Express SSL certificate?

After clicking Yes, the following message pops up:

Adding the certificate to the Trusted Root Certificates store failed with the following error: Access is denied.

After doing some research I ran the following commands in an administrative prompt:

```
dotnet dev-certs https --clean
dotnet dev-certs https --trust -v
```

This resulted in the following:

```
An error has occurred while trusting the certificate: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Access is denied.
   at Internal.Cryptography.Pal.StorePal.Add(ICertificatePal certificate)
   at System.Security.Cryptography.X509Certificates.X509Store.Add(X509Certificate2 certificate)
   at Microsoft.AspNetCore.Certificates.Generation.WindowsCertificateManager.TrustCertificateCore(X509Certificate2 certificate)
   at Microsoft.AspNetCore.Certificates.Generation.CertificateManager.TrustCertificate(X509Certificate2 certificate).
There was an error trusting HTTPS developer certificate.
```

So far, I have tried importing the localhost certificate directly into the Trusted Root Certification Authorities, changing permissions on the C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys folder, uninstalling IIS Express and repairing, and uninstalling and reinstalling VS 2022. So far nothing has worked, and I am not sure what to try from here.

Stefan Wuebbe
jpico
  • If you learn a little bit more about MMC and the different certificate stores, you can find the answer yourself: https://docs.jexusmanager.com/tutorials/self-signed.html#to-trust-self-signed-certificate The .NET Core certificates are irrelevant, so those `dotnet` commands won't help you trust the IIS Express Development Certificate. – Lex Li Jul 22 '22 at 00:07
  • @LexLi Thanks, but this is just a UI shortcut for a process that I have already tried and even when I use the app to trust the cert it produces the error: An unexpected error happened. HResult is -2147024891. Contact your system administrator. – jpico Jul 22 '22 at 15:14
  • When you said "I have tried importing the localhost certificate directly into the Trusted Root Certification Authorities" I can only assume that you didn't know that there are many "Trusted Root Certification Authorities" stores on the same machine and you can easily import to the wrong place. But if you got -2147024891 from Jexus Manager, then you hit a bigger issue. Please escalate to your domain administrators so that they can help you troubleshoot further. – Lex Li Jul 22 '22 at 19:24
  • @LexLi What sarcastic and useless comments... StackOverflow becomes more and more useless, because of such responses. – Givi Aug 24 '22 at 13:25

1 Answer

For people seeing this post and having the same issue: I 'fixed' this by doing the following:

  1. Go to your Current User certificates store and click the Personal and then the Certificates folder. If you can see there a localhost certificate where the friendly name is something like IIS Express Development Certificate then try to move that certificate to the Trusted Root Certification Authorities --> Certificates folder.
  2. If you get an Access Denied error then try to set the Physical certificate stores checkbox, as per this post: The certificate cannot be pasted into the Trusted Root Certification Authorities store. Access is denied, under (View --> Options), make sure you selected the root certificates file to see the View/Options menu.
  3. Repeat the above steps also for the Local Computer certificates. For some reason sometimes my localhost certificate was stored under Current User and sometimes under Local Computer.
  4. When starting the application the following 'error' should have disappeared:

This project is configured to use SSL. To avoid SSL warnings in the browser you can choose to trust the self-signed certificate that IIS Express has generated. Would you like to trust the IIS Express SSL certificate?

  5. Though, in my case I got the ERR_CONNECTION_RESET error after doing the above. To fix this I had to manually add the localhost port certificate as per this post: https://stackoverflow.com/a/68804745/3242154
  6. After doing the above it generated another certificate in my personal certificate folder for the specified port. I once again had to repeat steps 1-3 (depending on which certificate store it was created in), then it finally worked without problems.
Nicolas
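
A read-only way to see which store holds the localhost certificate before and after steps 1-3 of the answer above, as an added example that is not part of the original answer. It assumes the development certificate has the subject `CN=localhost`; the variable names are illustrative.

```powershell
# Added example: inventory CN=localhost certificates across the four logical
# stores the answer moves between. Nothing is added, moved or deleted.
# Assumption: the development certificate's subject is exactly CN=localhost.

$stores = 'CurrentUser\My', 'CurrentUser\Root', 'LocalMachine\My', 'LocalMachine\Root'

# One row per (store, certificate) pair.
$found = foreach ($store in $stores) {
    Get-ChildItem -Path "Cert:\$store" -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -eq 'CN=localhost' } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Thumbprint    = $_.Thumbprint
                FriendlyName  = $_.FriendlyName
                NotAfter      = $_.NotAfter
                HasPrivateKey = $_.HasPrivateKey
            }
        }
}

if (-not $found) {
    Write-Output 'No CN=localhost certificate found in any of the four stores.'
    return
}

# Collapse to one row per certificate: the same thumbprint can sit in a
# Personal store (used by the server) and in a Root store (trusted by clients).
$found | Group-Object -Property Thumbprint | ForEach-Object {
    $inStores = @($_.Group.Store)
    $named    = $_.Group | Where-Object { $_.FriendlyName } | Select-Object -First 1
    [pscustomobject]@{
        Thumbprint    = $_.Name
        FriendlyName  = $named.FriendlyName
        Stores        = $inStores -join ', '
        # Trusted only if the thumbprint appears in at least one Root store.
        TrustedAsRoot = [bool]($inStores -like '*\Root')
        HasPrivateKey = [bool]($_.Group | Where-Object { $_.HasPrivateKey })
        Expired       = $_.Group[0].NotAfter -lt (Get-Date)
    }
} | Format-List
```

A certificate that shows `TrustedAsRoot : False`, or that is listed only under a store scope you did not expect, is the one steps 1-3 apply to; several rows with different thumbprints correspond to the extra per-port certificate described in step 6.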