I've been fighting this for a couple weeks now. I've exhausted my Google-fu and need your help.
I want to delete the certificate that IIS Express is defaulting to (which is about to expire) and use the one that gets created when I "repair" IIS Express.
IIS Express is using an SSL Certificate that I can't find anywhere on my PC. Currently it's NOT using the cert that it creates during the repair. It's using some rando cert that I can't find anywhere on my computer.
I've been through the mmc snap-in 100 times, run dos and powershell commands, searched through my registry, searched through the file system, I even went through 100k lines of process monitor trying to find where it was pulling the certificate from. I can't find the certificate it's using anywhere.
Windows 10. This is a cert dump with the relevant localhost entries:
Location : CurrentUser
Name : Root
Subject : CN=localhost
Issuer : CN=localhost
Thumbprint : 7019C23346CD99CDE8ED35F2A712410F3E5A03DB
FriendlyName : ASP.NET Core HTTPS development certificate
NotBefore : 2/28/2020 8:26:43 AM
NotAfter : 2/27/2021 8:26:43 AM
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid,
System.Security.Cryptography.Oid...}
Subject : CN=localhost
Issuer : CN=localhost
Thumbprint : 4671C5C7DC49E26F318C30911B4494D2511E665E
FriendlyName : IIS Express Development Certificate
NotBefore : 2/28/2020 8:26:16 AM
NotAfter : 2/27/2025 6:00:00 PM
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}
Name: My
Subject : CN=localhost
Issuer : CN=localhost
Thumbprint : 7019C23346CD99CDE8ED35F2A712410F3E5A03DB
FriendlyName : ASP.NET Core HTTPS development certificate
NotBefore : 2/28/2020 8:26:43 AM
NotAfter : 2/27/2021 8:26:43 AM
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid,
System.Security.Cryptography.Oid...}
Subject : CN=localhost
Issuer : CN=localhost
Thumbprint : 4671C5C7DC49E26F318C30911B4494D2511E665E
FriendlyName : IIS Express Development Certificate
NotBefore : 2/28/2020 8:26:16 AM
NotAfter : 2/27/2025 6:00:00 PM
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}
And this is the cert that's being served to Chrome:
Serial number: 00e7573e7ee6f8a315
Signature algorithm: sha256RSA
Issuer: localhost
Subject: localhost
1.3.6.1.4.1.311.84.1.1: ASP.NET Core HTTPS development certificate
Thumbprint: f3b46e7bd1d6a66d150948342ffe00ebb42f33ac
Anyone have any ideas? Let me know if you need any additional information.
Kestrel attempts to find a "default" certificate for the project. That certificate is NOT stored in the computer's key store. It's stored on the file system as a .pfx file. The path is %appData%\\ASP.NET\\https.
I found this out by reading through the Kestrel source code KestrelConfigurationLoader.TryGetCertificatePath():
var hostingEnvironment = Options.ApplicationServices.GetRequiredService<IHostEnvironment>();
var appName = hostingEnvironment.ApplicationName;
// This will go away when we implement
// https://github.com/aspnet/Hosting/issues/1294
var appData = Environment.GetEnvironmentVariable("APPDATA");
var home = Environment.GetEnvironmentVariable("HOME");
var basePath = appData != null ? Path.Combine(appData, "ASP.NET", "https") : null;
basePath = basePath ?? (home != null ? Path.Combine(home, ".aspnet", "https") : null);
path = basePath != null ? Path.Combine(basePath, $"{appName}.pfx") : null;
return path != null;
I deleted the keys that were in the folder and it resolved my problem. Happy days!
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.