I am trying to run ASP MVC application with SSL mode set to true and whenever i run the application, i get prompt to trust the IIS Express SSL certificate. Upon clicking Yes, it gives the error message 'Adding the Certificate to The Trusted Root Certificates store failed with the following Errror. Access is denied'. I am running my Visual Studio 2017 as administrator mode. I have also deleted localhost certificate by going to MMC. Has anyone else run into this issue.
SOLN: This is what worked for me. deleted all localhost certificates. ran repair IIS Express in Add/Remove Programs. Copy and pasted localhost certificate from Personal/Certificate to Trusted Root Certificates and it didn't complain anymore.
In the Certificate Import Wizard, browse to the certificate that you exported (Trusted Root Certification Authorities), and then select Place all certificates in the following store. Click Next, verify that you selected the correct certificate, and then click Finish.
Expand the Computer Configuration section and open Windows Settings\Security Settings\Public Key. Right-click Trusted Root Certification Authorities and select Import. Follow the prompts in the wizard to import the root certificate (for example, rootCA. cer) and click OK.
Open Visual Studio and open the solution containing the web project you'd like to run in IIS Express with SSL. Verify that SSL Enabled is set to True . If you are working with a web project for which SSL has not yet been enabled, set SSL Enabled to True .
However, because there is already a certificate installed in the Certificates - Current User\Trusted Root Certification Authorities\Certificates folder, Visual Studio fails to prompt you to install the new SHA256 certificate into the Certificates - Current User\Trusted Root Certification Authorities\Certificates folder.
Successfully installed the certificate to Trusted Root Certification Authorities of the current user. Open the Microsoft Management Console by clicking Start, typing Run, and then pressing Enter. In the Run dialog box, type mmc, and then click OK. Add a snap-in to manage certificates for the local computer. To do this, follow these steps:
Install certificates required for Visual Studio offline installation. This keeps your environment safe from attacks where the download location is compromised. Visual Studio setup therefore requires that several standard Microsoft root and intermediate certificates are installed and up-to- date on a user's machine.
You have developed web applications through Hypertext Transfer Protocol Secure (HTTPS) by using the release version of Visual Studio 2015, Update 1 or Update 2. However, after you install Visual Studio 2015 Update 3, you start receiving warnings about an untrusted certificate.
Note: Adding the OP's solution from the question as an answer.
This is what worked for me. deleted all localhost certificates. ran repair IIS Express in Add/Remove Programs. Copy and pasted localhost certificate from Personal/Certificate to Trusted Root Certificates and it didn't complain anymore.
Repairing/reinstalling IIS Express does not appear to actually fix this issue (as of IIS Express 10), the real solution is to add the localhost certificate to Trusted Rood Certificates.
Full details for how to do this is covered by this blog post: https://blogs.iis.net/robert_mcmurray/how-to-trust-the-iis-express-self-signed-certificate
In summary,
It worked to me just running CMD > certlm and deleting the localhost certificate inside the personal folder.
In the terminal run:
dotnet dev-certs https -c
This will let you know if you have any valid self signed certs.
You can then run:
dotnet dev-certs https --check --trust
This will let you know if you have any trusted self signed certs.
If you have expired or untrusted dev certs you can run:
dotnet dev-certs https --clean
This will remove the certs.
If you want to add a cert/trusted cert you can run:
dotnet dev-certs https --trust
This will create a self signed cert and attempt to add it to the Trusted Root Certification Authorities folder.
If this fails you will need to manually add the cert to the Trusted Root Certification Authorities folder.
Manually adding the cert:
The first step is to type in the 'Type here to search' section on windows "run" once run is opened type "mmc" and hit ok. This will pull up the console root.
You will then have to click on: file -> Add/Remove snap-in -> certificates -> add and then click ok. This will take you to the Certificates for the current user
Expand the Personal folder and then click on the Certificates folder. Scroll until you find a cert with the name 'localhost'
Now you might be able to just copy and paste the localhost file into the Trusted Root folder. If that works then you're done! You can verify if it worked by running the command:
dotnet dev-certs https --check --trust.
If that did not work and you still have an untrusted cert then you will have to follow the steps below.
Right Click on the localhost cert and then click on 'All Tasks' and then click 'Export...' We need to first export the cert before we can import it to the Trust Root folder
Follow the Certificate export wizard. You do not have to change the defaults so just keep clicking next until you reach the 'File to export' screen. Click browse and select your desktop as the destination and name the file 'localhost'. Click next and then finish. This will create a file on your desktop with the name localhost.cer
Now double click on the localhost.cer file on your desktop. A popup should appear, click the button that says 'Install Certificate...'
Make sure to set the store location to 'Local Machine' and click next.
Then select 'Place all certificates in the following store', click browse, and then select 'Trusted Root Certification Authorities' and click finish
The last step is to make sure the cert is now trusted so in the terminal run:
dotnet dev-certs https --check --trust
You should get a response stating: A trusted certificate was found. That means you're good to go!
You no longer need the cert on your desktop so you can delete that file.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With