How do I restore a missing IIS Express SSL Certificate? - ssl

After setting up HTTPS in IIS Express, according to such articles as this and this, I am unable to actually load an IIS Express site using HTTPS. In Chrome, I am only getting:
This webpage is not available (with error code "ERR_CONNECTION_RESET")
...and in IE I am only getting:
Internet Explorer cannot display the webpage
...when I follow the directions in those articles.
It appears this has to do with the fact that the "IIS Express Development Certificate" that IIS Express installs automatically has been removed. How do I get this certificate reinstalled?

Windows 10 users: Repair is only in the Control Panel, not in the Add Remove programs app. I typically run appwiz.cpl to launch the old control panel applet and run repair from there.
Windows 7 and 8.1:
After going to Add/Remove Programs and choosing the "Repair" option on IIS Express, the certificate has been reinstalled and I can now launch IIS Express sites using HTTPS.
The certificate is back:
And I can now launch the IIS Express site using HTTPS:

For Visual Studio 2015, IIS Express 10, Windows 10, these options didn't work for me. IIS Express 10 didn't have a repair option.
I managed to solve the problem using the IisExpressAdminCmd.exe command available at C:\Program Files (x86)\IIS Express.
From an elevated command prompt run:
cd C:\Program Files (x86)\IIS Express
IisExpressAdminCmd.exe setupsslUrl -url:urlToYourSite -UseSelfSigned
Replacing urlToYourSite with your url.
e.g.
cd C:\Program Files (x86)\IIS Express
IisExpressAdminCmd.exe setupsslUrl -url:https://localhost:44387/ -UseSelfSigned
After that I closed IIS Express and restarted my site from Visual Studio and it prompted to automatically trust the self-signed certificate.

Also note that for IIS Express to work with SSL, the port used needs to be in the 44300 through 44399 range (http://www.iis.net/learn/extensions/using-iis-express/running-iis-express-without-administrative-privileges).
So, if you're using IIS Express in Visual Studio, make sure the port selected is in the required range:
vs setting for iis express

Sometimes this error is because of a different certificate installed for localhost. If that is the case, there is no need to restore the IIS Express certificate. Instead, you can do the following to tell IIS Express to use your existing certificate:
Open the Certificates MMC snap-in as described here
Find your localhost certificate e.g. under Personal...Certicates and get its thumbprint:
Bring up the properties dialog for the localhost certificate and find the Thumbprint property
Paste the thumbprint value into Notepad (or whatever) and remove the spaces and any special characters at the beginning
Find the port value of your IIS Express project:
Go to the project properties in Visual Studio and finding the "SSL URL" value, e.g. "https://localhost:44300/MyApp".
In this example 44300 is the port number. If yours is different, change that value in the later commands.
Use the following commands in an administrative command prompt (not Powershell):
netsh http delete sslcert ipport=0.0.0.0:44300
netsh http add sslcert ipport=0.0.0.0:44300 certhash=your_cert_hash_with_no_spaces appid=
{123a1111-2222-3333-4444-bbbbcccdddee}
The Guid in the above command can be replaced with one that you generate. It does not correspond to any existing IIS Express value.
For further reference see Handling URL Binding Failures in IIS Express.

With new Chrome 58, nothing from the answers below will help. I've just spent 1 hour uninstalling / reinstalling certificates and trying to find out where the problem is.
Apparently Chrome 58 will refuse certificate because "missing_subjectAltName"
The solution is either "badidea" passphrase or if you need to open popups for login you have to use:
chrome://flags/#allow-insecure-localhost
The source is and the upvote belongs to: https://stackoverflow.com/a/38926117/2089232 :)

I wanted to add this, because it is ridiculous but maybe it will help someone. Keep in mind that I had never opened my project properties before so I have no idea how this happened (I did not change this myself or have the opportunity to), but in Project > Properties > Web my SSL url was listed as my usual URL but as http instead of https (had previously been https because it was working before). I went through all the steps listed on this page, uninstalled VS, then IIS, and finally noticed the error which should have been https://mySSLURL (but was missing the s in https). Once I changed http to https everything worked again.

I just had this issue after updating my VS 2017 to the latest version(s) and created a new (.Net) MVC/WebAPI project (from template). I was able to fix this by adjusting my port numbers to be within the correct range
Chorme Default Port Ranges for DEV SSL
Which I was able to find here: https://www.pluralsight.com/guides/visual-studio-2017-resolving-ssl-tls-connections-problems-with-iis-express
Hope this helps!

You can reinstall IIS Express 10.0 (or whatever version you need) to fix the missing certificate. Download from Microsoft here

Related

VS2019 Cannot launch .NET Core ASP 2 web site and browse from another computer on the same network

I have been trying to browse a website run under IIS Express VS2019 from another computer on the same network. I see the following error.
Bad Request - Invalid Hostname
I found several discussions where people suggested adding bindings and I did try adding so many different bindings in applicationhost.config with specific hostname, IP, hostname+ip, wildcards. When I add any binding or modify the existing localhost binding VS 2019 start giving me the following error
Unable to connect to web server 'IIS Express'
I am running VS2019 as an admin. What else I am missing?
Here is what I discovered. I do not have admin privileges on my local PC. Our sysadmin had created a shortcut for me which launches VS2019 as an admin. However, the VS was still not run as elevated Admin privileges. Turns out, you need to be an admin, and you must right-click the VS2019 shortcut and choose Run As Administrator with a shield and say Yes to the warning. The shortcut wasn't doing none of that. Now my custom IIS Express bindings are picked up from applicationhost.config without any issue.

unable to configure iis express for vs 2017

Ever since the last windows update, I have been having problems configuring connecting to a local hostname. But my workaround was to connect to localhost:60856. Now all of a sudden, I can't connect at all with the following error:
the following error occurred when trying to configure IIS Express for Project MantleMapperDotNet.WebCore. The Web Server 'localhost:60856' could not be found
I have scoured the internet for this but to no avail. Following are the things I've tried:
1. deleted .vs folder in vs project
2. deleted IISExpress folder in documents
3. re-installed iisexpress
4. running vs2017 as admin (which i always do).
5. running netsh-http to see if there's a binding already
6. restarting windows
can somebody please tell me what exactly is going on and how i can resolve this issue?

"Unable to Connect to the Remote Server" when connected via .NET ReportingService web service call

I have reporting services running on SQL Server 2008 inside the domain. I'm able to hit http://localhost/reportserver without error. I can hit the same site from the web box (also in the domain name) using the internal ip of the DB box (192.169.X.X/ReportServer/ReportService.asmx.) I've looked in the SSRS logs and I see these hits being properly recorded, no errors.
However.. I have a website that uses the .NET ReportingService class to make a connection to SSRS. Using the same credentials as before, I get "Unable to connect to the remote server."
I've checked, there's no firewall active. Quadrupled checked the config in the web site to make sure it has the proper credentials and service URL for SSRS. There are also no hits in the SSRS logs when I'm trying to connect via .NET, so something is most certainly blocking access.
I've Googled my fingers bloody, and would seriously love some help. I'm sure it's some small thing, I just can't think of it.
The following change worked for me:
Remove the SSL configuration
1.1. Reporting Services Configuration Manager;
1.2. Web Service URL (click on Advanced button and then remove the SSL configuration);
1.3. Report Manager URL (click on Advanced button and then remove the SSL configuration);
Edit the file rsreportserver.config, normally it's in the path C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\
2.1. find out the Key SecureConnectionLevel;
2.2. change the Key's value from "2" to "0";
Could be your reporting services is exposed only to the private ip and your localhost. Try setting your domain name's static ip to the configuration. I've added a SSRS Url configuration link for your quick reference.
The following worked for me:
1. Remove the SSL if configured.
2. Go to C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\rsreportserver.config
3. In rsreportserver.config Change the SecureConnectionLevel value from "2" to "0"
The following worked for me: I Removed the SSL and set it to 0 vs 2 in the path
G:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer file is reportserver.config file.
Basically it was previously configured with SSL at port 443 but the server has been moved to another domain, and did not know where to go to get a new SSL certificate for this domain,
So i removed the SSL config in the reporting services configuration GUI and then remove it also in the reportserver.config file.
Make sure your report URL ends with /Reportserver/ (For the purpose of .NET code calling). Also keep in mind that you should use complete URL i.e. It should include servername and domain.
Check this link
I like the other solutions however in my instance I had to update the following. For some reason or another the service wasn't able to use 127.0.0.1, localhost, or any of the other IP addresses assigned to the computer, this method however worked.
Open "Report Server Configuration Manager"
Web Service URL
Click on Advanced Button
Click the IP entry that I wanted to edit.
Click "Host Header Name" and type in the fully qualified name for the server.
Report Manager URL
Click on Advanced Button
Click the IP entry that I wanted to edit.
Click "Host Header Name" and type in the fully qualified name for the server.
After the above were done both URLs in "Web Service URL" and "Report Manager URL" were able to work once correct credentials were passed to the server.

Configuring WCF in IIS7 & Windows 7

I am having a problem when I try to browse WCF service (.svc file) which is hosted in IIS7 & Windows7. It throws following error.
HTTP Error 404.3 - Not Found
The page you are requesting cannot be served because of the extension configuration. If the page is a script, add a handler. If the file should be downloaded, add a MIME map.
I tried to run ServiceModelReg, but it say I should have admin rights in order to run this, although I am admin on this machine.
Does any one know how to resolve this issue.
FInally....
I am able to resolve this issue.
I ran following two command and it solved the problem.
aspnet_regiis -i & ServiceModelReg -i
Even though I am admin on the machine, I need to run this 2 commands by right click and select 'Run as Admin'.
Your issued is answered here. Trying to be short:
When you start the command prompt, can
you right-click on the icon to open it
and select "Run as Administrator"? I
don't know exactly what's the logic
behind that, but on Vista there are
two kinds of administrative users, one
"normal" administrator and one
"elevated" administrator. I'd guess
the tool needs the second kind.
and second
Also, Why do you need to run
Servicemodelreg.exe on VIsta?
Officially this is not supported on
Vista. Instead you can go to WIndows
features menu throught Add remove
programs and enabled Http Activation
under .Net framework 3.0 feature.
This will enable everything you might
want to do via Servicemodelreg.exe.
Edit
And also here.
If you go into IIS Manager and double click on Handler Mappings do you have *.svc paths listed?
If they are missing this link may help http://msdn.microsoft.com/en-us/library/ms752252(v=vs.90).aspx

netsh error on windows 2008 R2

We are upgrading the server from Windows 2003 to 2008. As part of the process, I need to configure a port with a SSL certificate. When I ran the following command:
netsh http add sslcert ipport=1.2.3.4:8000 certhash=certificatehash appid={someGUID}
I got the following error:
SSL Certificate add failed, Error:
1312 A specified logon session does
not exist. It may already have been
terminated.
When running the command prompt with an administrator does not resolve the issue. Notice that I did not run into this issue on Windows 2003 (using httpcfg) and that things work well there.
Has anyone encountered this issue? Thanks.
the 1312 shows up at several occasions. aside from typos on the commandline, the other most common are:
- the certificate is not in your certificate store at all (check with MMC and 'certificates' snap-in)
- the certificate is in the wrong store: it should be in the store of 'local computer' not 'local user' (remember to choose proper account when activating the snapin inside the MMC)
- the certificate doesnt contain a Private Key (open the certificate and check whether it contains only public, or both keys)
I've spent over 1.5 hours before I found out that I've had generated a certificate succesfully, but misplaced some switches and it got written to a file without the private key:)
Are you running from an elevated command prompt (not just as an admin)?. There's an open source GUI tool that drives the HTTP config APIs directly- I use it on 2008 R2 with no trouble (it auto-requests elevation via UAC). I've had mixed results with netsh/httpcfg. This one always works for me (and it behaves the same everywhere).