HTTPS error in ASP.NET Core app running on IISExpress - PR_CONNECT_RESET_ERROR
Question
When I try to run this app locally (when the SSL is enabled),
I always get this page that complains about Secure Connection:
https://localhost:44300/
Secure Connection Failed
An error occurred during a connection to localhost:44300. PR_CONNECT_RESET_ERROR
- The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
- Please contact the website owners to inform them of this problem.
What I've tried so far:
- Add a self signed
localhostcertificate with this Power Shell command:
New-SelfSignedCertificate -DnsName "localhost" -CertStoreLocation "cert:\\LocalMachine\\My"
- Run
mmc.exeand export thatcertificatecreated by above Power Shell script from
[Console Root\\Certificates (Local Computer)\\Personal\\Certificates]
to
[Console Root\\Certificates (Local Computer)\\Trusted Root Certification Authorities\\Certificates .
This hasn't worked so far. If I run the app unchecking the Enable SSL , it works fine.
Please advise on a possible solution for SSL enabled environment.
1 answers
solution1
9 ACCPTED 2020-11-17 18:17:09
Regenerating IIS Express localhost certificates worked for me:
Open
Windows PowerShell ISEusing Admin privileges.Run this script:
Start-Transcript -Path "$($MyInvocation.MyCommand.Path).log"
try {
Write-Host "Creating cert resources"
$ekuOidCollection = [System.Security.Cryptography.OidCollection]::new();
$ekuOidCollection.Add([System.Security.Cryptography.Oid]::new("1.3.6.1.5.5.7.3.1","Server Authentication")) | Out-Null
$sanBuilder = [System.Security.Cryptography.X509Certificates.SubjectAlternativeNameBuilder]::new();
$sanBuilder.AddDnsName("localhost") | Out-Null
Write-Host "Creating cert extensions"
$certificateExtensions = @(
# Subject Alternative Name
$sanBuilder.Build($true),
# ASP.NET Core OID
[System.Security.Cryptography.X509Certificates.X509Extension]::new(
"1.3.6.1.4.1.311.84.1.1",
[System.Text.Encoding]::ASCII.GetBytes("IIS Express Development Certificate"),
$false),
# KeyUsage
[System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]::new(
[System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyEncipherment,
$true),
# Enhanced key usage
[System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]::new(
$ekuOidCollection,
$true),
# Basic constraints
[System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]::new($false,$false,0,$true)
)
Write-Host "Creating cert parameters"
$parameters = @{
Subject = "localhost";
KeyAlgorithm = "RSA";
KeyLength = 2048;
CertStoreLocation = "Cert:\LocalMachine\My";
KeyExportPolicy = "Exportable";
NotBefore = Get-Date;
NotAfter = (Get-Date).AddYears(1);
HashAlgorithm = "SHA256";
Extension = $certificateExtensions;
SuppressOid = @("2.5.29.14");
FriendlyName = "IIS Express Development Certificate"
}
Write-Host "Creating cert"
$cert = New-SelfSignedCertificate @parameters
$rootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList Root, LocalMachine
$rootStore.Open("MaxAllowed")
$rootStore.Add($cert)
$rootStore.Close()
Write-Host "Creating port bindings"
# Add an Http.Sys binding for port 44300-44399
$command = 'netsh'
for ($i=44300; $i -le 44399; $i++) {
$optionsDelete = @('http', 'delete', 'sslcert', "ipport=0.0.0.0:$i")
$optionsAdd = @('http', 'add', 'sslcert', "ipport=0.0.0.0:$i", "certhash=$($cert.Thumbprint)", 'appid={214124cd-d05b-4309-9af9-9caa44b2b74a}')
Write-Host "Running $command $optionsDelete"
& $command $optionsDelete
Write-Host "Running $command $optionsAdd"
& $command $optionsAdd
}
}
catch {
Write-Error $_.Exception.Message
}
finally {
Stop-Transcript
}
It should work just fine now.
(The script is by @Shirhatti from this Github issue page: https://github.com/dotnet/aspnetcore/issues/26437 )
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.