 

Visual Studio 2017 gives 'Adding the Certificate to The Trusted Root Certificates store failed with the following Errror'

I am trying to run an ASP MVC application with SSL mode set to true, and whenever I run the application, I get a prompt to trust the IIS Express SSL certificate. Upon clicking Yes, it gives the error message 'Adding the Certificate to The Trusted Root Certificates store failed with the following Errror. Access is denied'. I am running my Visual Studio 2017 in administrator mode. I have also deleted the localhost certificate by going to MMC. Has anyone else run into this issue?


SOLN: This is what worked for me. Deleted all localhost certificates. Ran repair IIS Express in Add/Remove Programs. Copied and pasted the localhost certificate from Personal/Certificate to Trusted Root Certificates and it didn't complain anymore.

sanjeev asked Nov 21 '17 12:11




3 Answers

Note: Adding the OP's solution from the question as an answer.

This is what worked for me. Deleted all localhost certificates. Ran repair IIS Express in Add/Remove Programs. Copied and pasted the localhost certificate from Personal/Certificate to Trusted Root Certificates and it didn't complain anymore.

Repairing/reinstalling IIS Express does not appear to actually fix this issue (as of IIS Express 10); the real solution is to add the localhost certificate to Trusted Root Certificates.

Full details for how to do this are covered by this blog post: https://blogs.iis.net/robert_mcmurray/how-to-trust-the-iis-express-self-signed-certificate

In summary,

  • Open the certificate manager via "manage computer certificates" in control panel or by running certlm in a cmd prompt
  • Under Personal>Certificates export the localhost cert and save it to disk
    • don't export the private key! Just export the public key.
  • Under Trusted Root Certification Authorities, right click on Certificates and import the cert you just exported

2 revs, 2 users 78% answered Oct 22 '22 01:10


It worked for me just running CMD > certlm and deleting the localhost certificate inside the personal folder.

user2988031 answered Oct 22 '22 03:10


In the terminal run:

dotnet dev-certs https -c

This will let you know if you have any valid self signed certs.

You can then run:

dotnet dev-certs https --check --trust

This will let you know if you have any trusted self signed certs.

If you have expired or untrusted dev certs you can run:

dotnet dev-certs https --clean

This will remove the certs.

If you want to add a cert/trusted cert you can run:

dotnet dev-certs https --trust

This will create a self signed cert and attempt to add it to the Trusted Root Certification Authorities folder.

If this fails you will need to manually add the cert to the Trusted Root Certification Authorities folder.

Manually adding the cert:

  1. The first step is to type "run" in the 'Type here to search' section on Windows. Once Run is opened, type "mmc" and hit OK. This will pull up the console root.

  2. You will then have to click on: file -> Add/Remove snap-in -> certificates -> add and then click ok. This will take you to the Certificates for the current user

  3. Expand the Personal folder and then click on the Certificates folder. Scroll until you find a cert with the name 'localhost'

Now you might be able to just copy and paste the localhost file into the Trusted Root folder. If that works then you're done! You can verify if it worked by running the command:

   dotnet dev-certs https --check --trust

If that did not work and you still have an untrusted cert then you will have to follow the steps below.

  1. Right click on the localhost cert and then click on 'All Tasks' and then click 'Export...'. We need to first export the cert before we can import it to the Trusted Root folder.

  2. Follow the Certificate export wizard. You do not have to change the defaults so just keep clicking next until you reach the 'File to export' screen. Click browse and select your desktop as the destination and name the file 'localhost'. Click next and then finish. This will create a file on your desktop with the name localhost.cer

  3. Now double click on the localhost.cer file on your desktop. A popup should appear, click the button that says 'Install Certificate...'

  4. Make sure to set the store location to 'Local Machine' and click next.

  5. Then select 'Place all certificates in the following store', click browse, and then select 'Trusted Root Certification Authorities' and click finish

The last step is to make sure the cert is now trusted so in the terminal run:

 dotnet dev-certs https --check --trust

You should get a response stating: A trusted certificate was found. That means you're good to go!

You no longer need the cert on your desktop so you can delete that file.

William answered Oct 22 '22 01:10
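
The export-and-import steps from the answers above, written in PowerShell for an elevated prompt (an added example, not code from any of the posters). It assumes the certificate sits in the Local Machine Personal store with subject CN=localhost; the store paths and the temporary file name are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: trust the dev 'localhost' certificate by copying only its
# public part from LocalMachine\My into LocalMachine\Root.
$ErrorActionPreference = 'Stop'

$source  = 'Cert:\LocalMachine\My'    # assumption: store holding the localhost cert
$target  = 'Cert:\LocalMachine\Root'  # Trusted Root Certification Authorities
$cerPath = Join-Path $env:TEMP 'localhost.cer'   # assumption: scratch file name

# Candidates: CN=localhost, self-signed (Issuer equals Subject), currently valid.
$now = Get-Date
$candidates = @(Get-ChildItem $source | Where-Object {
    $_.Subject -eq 'CN=localhost' -and
    $_.Issuer  -eq $_.Subject -and
    $_.NotBefore -le $now -and $_.NotAfter -gt $now
})

if ($candidates.Count -eq 0) {
    throw "No valid self-signed CN=localhost certificate in $source"
}
if ($candidates.Count -gt 1) {
    # Stale duplicates are what the answers above remove by hand; do not guess.
    $candidates | Format-List Thumbprint, NotBefore, NotAfter | Out-String | Write-Host
    throw 'More than one candidate; delete the stale ones first'
}
$cert = $candidates[0]

# -Type CERT writes the DER-encoded certificate only; the private key is not exported.
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Import into Trusted Root unless the same thumbprint is already present.
$already = Get-ChildItem $target | Where-Object Thumbprint -eq $cert.Thumbprint
if (-not $already) {
    Import-Certificate -FilePath $cerPath -CertStoreLocation $target | Out-Null
}
Remove-Item $cerPath

# Verify: same thumbprint is in Root, and the Root copy has no private key attached.
$trusted = Get-ChildItem $target |
    Where-Object Thumbprint -eq $cert.Thumbprint | Select-Object -First 1
if (-not $trusted) { throw 'Certificate not found in Trusted Root after import' }
if ($trusted.HasPrivateKey) { Write-Warning 'Root copy has a private key attached' }
'{0} trusted, expires {1:yyyy-MM-dd}' -f $trusted.Thumbprint, $trusted.NotAfter
```

Compare the printed thumbprint with the one shown for the localhost certificate in the Personal store; a root entry in the Local Machine store is trusted for every user on the machine.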