Why is my localhost self-signed SSL certificate suddenly invalid in Chrome?

Question

I just started working on a .NET project again that I hadn't touched in about a month, and suddenly in my localhost environment I'm getting ERR_CERT_AUTHORITY_INVALID errors when I try starting my application. I used dotnet dev-certs commands to regenerate the localhost certificate, but what's weird is it looks like Chrome is sourcing this localhost certificate from elsewhere. In the Developer Tools pane, I see this (notice the Validity Period):

I don't know why it shows that invalid Validity Period because I just generated a new localhost cert tonight, and I've blown away Chrome's SSL cache numerous times tonight. The following certificate appears in both the Personal > Certificates and Trusted Root Certification Authorities sections of certmgr.

Could someone please help me understand why Chrome thinks my localhost cert is from an invalid authority and how I can correct this issue? The last valid version came from the exact same place (although I think something else might have generated it because I don't recall using dotnet dev-certs CLI commands to create the original cert).

Answer 1

After I have spent lot of times of searching the solutions, finally I am able to solve it by following the steps below. Hopefully, this will save your days.

1. open dev tools in chrome, go to Security tab and click on the View certificate.
2. go to Details tab and click Copy to File...
3. then Certificate Export Wizard windows will pop up and click the Next button to continue.
4. remain DER encoding options, click Next and choose Browse, save it and name the certificate as localhost.cer. You should see your saved certificate on your saved path chosen just now.
5. open chrome://settings/ by copy this in the browser url box.
6. choose Privacy and security in the side menu > Security > Advanced > Managed Certificates
7. Certificates window will pop up as below. Choose Trusted Root Certificate Authorities tab and click Import...
8. import the localhost certificate which saved to chosen path just now at steps 4.
9. click browse to import the locahost.cer and click Yes to finish the import certificate process.
10. Close everything and restart your chrome browser. Remember to rebuild and rerun your project if you running the project using dotnet run command prompt for the changes to take effect in the browser. Now you should be able to access any localhost website urls with secure tag.

Answer 2

This is what I did and it worked for me. At Powershell for VS 2022 command prompt run:

>dotnet dev-certs https --clean
>dotnet dev-certs https --trust

Then click Yes to the prompt.