I am trying to run ASP MVC application with SSL mode set to true and whenever i run the application, i get prompt to trust the IIS Express SSL certificate. Upon clicking Yes, it gives the error message 'Adding the Certificate to The Trusted Root Certificates store failed with the following Errror. Access is denied'. I am running my Visual Studio 2017 as administrator mode. I have also deleted localhost certificate by going to MMC.
Has anyone else run into this issue.
SOLN: This is what worked for me.
deleted all localhost certificates. ran repair IIS Express in Add/Remove Programs. Copy and pasted localhost certificate from Personal/Certificate to Trusted Root Certificates and it didn't complain anymore.
Note: Adding the OP's solution from the question as an answer.
This is what worked for me. deleted all localhost certificates. ran repair IIS Express in Add/Remove Programs. Copy and pasted localhost certificate from Personal/Certificate to Trusted Root Certificates and it didn't complain anymore.
Repairing/reinstalling IIS Express does not appear to actually fix this issue (as of IIS Express 10), the real solution is to add the localhost certificate to Trusted Rood Certificates.
Full details for how to do this is covered by this blog post: https://blogs.iis.net/robert_mcmurray/how-to-trust-the-iis-express-self-signed-certificate
In summary,
- Open the certificate manager via "manage computer certificates" in control panel or by running certlm in a cmd prompt
- Under Personal>Certificates export the localhost cert and save it to disk
- don't export the private key! Just export the public key.
- Under Trusted Root Certification Authorities, right click on Certificates and import the cert you just exported
It worked to me just running CMD > certlm and deleting the localhost certificate inside the personal folder.
After having struggled with this issue now for a week (using Win 10 and Visual Studio 2019 Community Edition Version 16.1.1) and trying various solutions I found out the following:
- by default the localhost certificate for IISExpress 10 gets installed in:
Certificates (Local Computer) -> Personal
Repairing IISExpress 10 (Programs -> Programs and Features) will create a new localhost certificate also in: Certificates (Local Computer) -> Personal
Then export that certificate by saving it to a file using:
Then import that certificate into: Certificates (Local Computer) -> Trusted Root Certification Authorities
- then as user2988031 pointed out: delete the certificate from Certificates (Local Computer) -> Personal
I also tried to use "dotnet dev-crts https --trust" but that did not work for me and always produced the following error:
So to wrap it up: make shure there is only 1 localhost certificate which is in
Certificates (Local Computer) -> Trusted Root Certification Authorities
Update: I just realized that after modifying the web application a few times
a different error manifested and I had to go through the whole process again
in order to get it to work!
My error was actually "asp.net developer certificate is not installed" but I think the solution below would still work in this case. Execute the following commands in command prompt.
dotnet dev-certs https --trust --check
echo Trust check: %errorlevel%
dotnet dev-certs https --trust -ep "%APPDATA%\ASP.NET\https\TestCert.pfx" -p TestPassword
echo Trust/Export: %errorlevel%
Reference:
https://github.com/Microsoft/DockerTools/issues/147#issuecomment-420433974
I'm a total noob on this and wanted to share the solution I found after struggling some time and reading many posts. It is very similar to what sanjeev posted, however with more detail so if you are new to this (as myself), you can solve it faster.
If you have this issue with Visual Studio 2019 and Win 10, delete all localhost certificates at MMC:
(1) cmd>run as admin>type "mmc" and press enter
(2) File>Add/Remove Snap-in...
(3) Select "Certificates" and click Add button
(4) Select options "Computer Account" and "Local computer"
(5) Console Root folder > click and expand Certificates
(6) Delete all localhost certificates at different folders
Then at Control Panel>Program and Features find IIS 10.0 Express at the list, right click and select "Repair". This will create a new localhost certificate at the Certificate's "Personal" folder (at the MMC window used previously - don't forget to refresh to see this new certificate)
Copy (right click on the certificate) this certificate located in the "Personal" folder and paste it into the folder "Trusted Root Certification Authorities">"Certificates"
DELETE the localhost certificate from the "Personal" folder. There should be only one localhost certificate and located at the "Trusted Root Certification Authorities" folder
After this, it should work fine, hope you find this useful
Here is another simple step by step solution in case the answers provided are not clear for you.
Step 1:
Go to Windows Start and type Certificates, then click on Manage computer certificates. This would open the certificate manager window.
Step 2:
Now click on the arrow on >Personal folder, then click on the Certificates folder. Now select and Delete all certificates in the folder.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://i.stack.imgur.com/Upuih.jpg', '推荐 够拽才男人 的文章《Visual Studio 2017 gives 'Adding the Certifica》','https://www.manongdao.com/article-1863388.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}