We have a Windows service hosting SignalR. The same code is running on different machines, with different results.

If I go to this link on my laptop, it works:

https://localhost/signalr/negotiate

Response: { "Url":"/signalr", "ConnectionToken":"AQAAANCMnd8BFdERjHoAwE/...==", "ConnectionId":"0a09e290-c8af-48d6-b791-f05e3b8930b0", "KeepAliveTimeout":20.0, "DisconnectTimeout":30.0, "ConnectionTimeout":110.0, "TryWebSockets":false, "ProtocolVersion":"1.2", "TransportConnectTimeout":5.0, "LongPollDelay":0.0 } If I go to that same link on my desktop, I get this:

I checked the IE settings and the TLS settings are the same between my laptop and my desktop. I've also checked many other IE settings.

Edit: On good PC, get cert warning in browser. Doesn't happen on non-working PC.

Here is the code to get SignalR running:

    protected override void OnStart()
    {
        LogUtility.LogInformation("SignalRHubHostController::OnStart()");

        string url = this.Application.Configuration.SignalRHubHostController.HostUrl;

        UriBuilder uri = new UriBuilder(url);

        string schemeOverride = this.Application.Configuration.SignalRHubHostController.UriSchemeOverride;

        if (!String.IsNullOrWhiteSpace(schemeOverride))
            uri.Scheme = schemeOverride;

        LogUtility.LogInformation(String.Format(CultureInfo.InvariantCulture, "Using [{0}] as the SignalR hub URL.", uri.Uri.ToString()));

        this._disposableWebServer = WebApp.Start<Startup>(uri.Uri.ToString());
    }

    internal class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.UseCors(CorsOptions.AllowAll);
            app.MapSignalR();
        }
    }

I got this to work. Apparently it was an issue with the existing certificate set to use port 443. I don't know why that was an issue, but the following steps caused things to start working for me.

Note: Rick Strahl's blog helped: Hosting SignalR under SSL/https

1. Created certificate in IIS specifically for this purpose:

Note: I did not have to use MMC to copy the cert from the personal folder to the trusted root folder. It was already in the trusted root folder.

2. Delete the existing cert dedicated to port 443:

netsh http delete sslcert 0.0.0.0:443

Note: I originally tried to add the cert and got an error because a cert was already specified for port 443. That's why this delete is here.

3. Add my new cert for port 443:

netsh http add sslcert ipport=0.0.0.0:443 appid={12345678-db90-4b66-8b01-88f7af2e36bf} certhash=hashGoesHere

Note: Rick Strahl's blog said to always use that appid. I don't know what an appid means in the context of a cert. So, yeah, whatever...

4. Run my app and have it connect successfully:

Note: I'll need to use a real cert and trust it so I stop getting that warning. But that's not the point of this answer. I just wanted to show how I got this working with SignalR.

So while this got things working, I don't know why the original cert dedicated to port 443 wasn't working. Perhaps it wasn't in the root store. I couldn't figure out how to find that cert based on its hash on the PC.

Edit

For completeness, I wanted to share how you can get the cert hash. You can manually type it from looking at the certs in IIS, or you can copy it by finding it in MMC. It's the Thumbprint property of the cert. You just have to remove the spaces.