HTTPS Error using IIS Express

[MaherJendoubi]

Describe the bug

I run a vanilla asp.net core web app by checking the checkbox for configuring HTTPS. The application doesn't run correctly.

To Reproduce

I opened VS, then I chose ASP.NET Core Web Application. The HTTPS configuration was enabled by default. After creating the app, I run it with F5 using IIS Express and the web app is not loading.

Further technical details

• ASP.NET Core version: 3.1 Preview 2
• Include the output of dotnet --info: .NET Core SDK (reflecting any global.json): Version: 3.1.100-preview2-014569 Commit: 4bd5d24d87

Runtime Environment: OS Name: Windows OS Version: 10.0.18362 OS Platform: Windows RID: win10-x64 Base Path: C:\Program Files\dotnet\sdk\3.1.100-preview2-014569\

Host (useful for support): Version: 3.1.0-preview2.19525.6 Commit: 5672978d91

.NET Core SDKs installed: 3.0.100 [C:\Program Files\dotnet\sdk] 3.1.100-preview2-014569 [C:\Program Files\dotnet\sdk]

.NET Core runtimes installed: Microsoft.AspNetCore.All 2.1.12 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All] Microsoft.AspNetCore.All 2.1.13 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All] Microsoft.AspNetCore.App 2.1.12 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 2.1.13 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 3.0.0-preview7.19365.7 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 3.0.0 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 3.1.0-preview2.19528.8 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.NETCore.App 2.1.12 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 2.1.13 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 3.0.0-preview7-27912-14 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 3.0.0 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 3.1.0-preview2.19525.6 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.WindowsDesktop.App 3.0.0-preview7-27912-14 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 3.0.0 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 3.1.0-preview2.19525.6 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]

• The IDE (VS / VS Code/ VS4Mac) you're running on, and it's version: Visual Studio 2019 version 16.4.0 Preview 4.0

[Tratcher]

The application doesn't run correctly.

Please clarify what does happen.

[MaherJendoubi]

[MaherJendoubi]

@Tratcher The secure connection failed. It happened in different browsers : Firefox, Chrome, Edge and IE.

[blowdart]

From the earlier tweet thread on this connection resets in all browsers.

https://twitter.com/maherjend/status/1192426810014871552?s=20

[Tratcher]

Anything in the VS output window? If you put a breakpoint in Program.cs does it get hit?

[blowdart]

I'm wondering if IIS Express isn't serving up HTTPS

[MaherJendoubi]

This happens only with IIS Express. It works if I use Kestrel.

[Tratcher]

Ok, how about the windows event viewer?

[MaherJendoubi]

I put breakpoints in the Startup.cs and in the Program.cs. It is not hitten.

[MaherJendoubi]

Ok, how about the windows event viewer?

[blowdart]

Aha

ID: 15021, Description: "An error occurred while using SSL configuration for endpoint 0.0.0.0:44300. The error status code is contained within the returned data."

If you open a command prompt and run netsh http show sslcert > certconfig.txt you'll get a nice text file with configuration information in it. Open that file in your favourite text editor and search for 0.0.0.0:44300

If the config is correct you'll see something like

    IP:port                : 0.0.0.0:44300
    Certificate Hash       : a774dd1f4944a95baa94f9a143095a90b1b437ab
    Application ID         : {214124cd-d05b-4309-9af9-9caa44b2b74a}

If it's not found then the certificate is missing.

[MaherJendoubi]

I find the following :

[blowdart]

OK. Now we need to figure out if that certificate exists.

In a powershell prompt type the following

cd cert:\\
Get-ChildItem -Path '****' -Recurse

replacing **** with the thumbprint/hacage you have in your screenshot.

[MaherJendoubi]

Apologies for my late reply.

[blowdart]

Is there one on LocalMachine\My too?

[MaherJendoubi]

No!

[blowdart]

Hmm. There is on mine, but I don't know if it matters. @shirhatti any ideas?

[Tratcher]

Sounds like it needs an install repair.

[MaherJendoubi]

install repair of VS? Did you succeed to reproduce it or it is only local to my machine? BTW, I am using the following Windows 10 version :

[MaherJendoubi]

@Tratcher What you said is totally true. After an install repair, I get this popup It works like a charm now. Thanks a lot for your help.

[shirhatti]

Shoot. I was just about to ask you share your cert. I'm curious as to why it was invalid 🤷‍♂

[MaherJendoubi]

Sorry for that, I was too fast! I did many VS Preview updates maybe that corrupted the SSL tooling.

[MaherJendoubi]

@shirhatti how can I help you even after this install repair? Are there some specific logs or files you need to investigate? Or it's too late?

[MaherJendoubi]

@shirhatti Unfortunately, I cannot reproduce it again and the cert is valid now:

[shirhatti]

@MaherJendoubi Thanks for offering to help! Unfortunately, I was interested in the bad certificate which is irrecoverable.

[MaherJendoubi]

@shirhatti This issue happens again. I will be available for any valuable feedback.

[MaherJendoubi]

[shirhatti]

Can you export the self-signed certificate with private keys and share it? (I'm assuming it should be safe to share the private key here since it's only a self-signed certificate, but please ensure it is safe before you share it)

[MaherJendoubi]

How can I export it?

[MaherJendoubi]

[MaherJendoubi]

Is it safe to share the certificate hash like I did before here?

[Rick-Anderson]

Other than the interesting academic exercise, Troubleshoot certificate problems has the solution

dotnet dev-certs https --clean
dotnet dev-certs https --trust

[MaherJendoubi]

@Rick-Anderson FYI, I used the 2 commands but the problem persists.

[Tratcher]

Other than the interesting academic exercise, Troubleshoot certificate problems has the solution

dotnet dev-certs https --clean
dotnet dev-certs https --trust

That does not apply to IIS Express, only Kestrel. IIS Express sets up its own certificate at install time and the only repair mechanism is to run the installer repair. The interesting question here is how did the cert get broken?

[analogrelay]

@MaherJendoubi you can run this PowerShell command to export the cert (does not work in PowerShell Core, you have to use powershell.exe): Export-Certificate -Cert (dir Cert:\LocalMachine\My\ | where { $_.FriendlyName.StartsWith("IIS") }) -FilePath cert.crt. Then send us cert.crt. The private key is not included but I think that might be enough for this.

The cert should have the friendly name "IIS Express Development Certificate" and be in the Local Machine store. If it's not there, that would cause this problem as well :). The cert IIS uses is different from the ASP.NET Core Development Certificate.

[ghost]

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment. If it is closed, feel free to comment when you are able to provide the additional information and we will re-investigate.

See our Issue Management Policies for more information.