This site can’t provide a secure connection (ERR_SSL_PROTOCOL_ERROR)

S

7

32

When I added the URL rewrite code in web.config and then publish it into azure. it will automatically redirects to https even I am trying to access website with http.

<rewrite>
  <rules>
    <rule name="Redirect to https">
      <match url="(.*)"/>
      <conditions>
        <add input="{HTTPS}" pattern="Off"/>
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"/>
    </rule>
  </rules>
</rewrite>

But when I run the same code in my local machine it gives the below error.

This site can’t provide a secure connection

How can I resolve the above error when I run the above code in my local machine?

Striped answered 11/4, 2017 at 6:50 Comment(3)

try this dotnetcodr.com/2015/09/18/… – Aubarta 27/9, 2017 at 21:2

@ raj'sCubicle Thanks much. This was a far simpler solution. – Receiver 28/2, 2019 at 17:58

HELP! I followed these directions and now my project won't run on the local machine. I even back out of the changes but the web.config seems to be cached or something... How do I back out? – Kingsbury 21/5, 2019 at 5:36

A

14

What I do personally is put that rewrite configuration into Web.Release.config precisely because it is a bit fiddly to get it working locally.

The problem is that IIS Express will expose HTTP and HTTPS on different ports, so if you redirect from http://localhost:1234 to https://localhost:1234, it simply won't work, because IIS Express is exposing HTTPS on something like https://localhost:44300.

You can enable SSL/TLS on IIS Express (and you should), but I would leave the rewrite rule only for Release mode.

Here is an example Web.Release.config file:

<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  <system.web>
    <compilation xdt:Transform="RemoveAttributes(debug)" />
  </system.web>
  <system.webServer>
    <rewrite xdt:Transform="Insert">
      <rules>
        <!-- Redirects users to HTTPS if they try to access with HTTP -->
        <rule
          name="Force HTTPS"
          stopProcessing="true">
          <match url="(.*)"/>
          <conditions>
            <add input="{HTTPS}" pattern="^OFF$" ignoreCase="true"/>
          </conditions>
          <action
            type="Redirect"
            url="https://{HTTP_HOST}/{R:1}"
            redirectType="Permanent"/>
        </rule>
      </rules>
      <outboundRules>
        <!-- Enforces HTTPS for browsers with HSTS -->
        <!-- As per official spec only sent when users access with HTTPS -->
        <rule
          xdt:Transform="Insert"
          name="Add Strict-Transport-Security when HTTPS"
          enabled="true">
          <match serverVariable="RESPONSE_Strict_Transport_Security"
              pattern=".*" />
          <conditions>
            <add input="{HTTPS}" pattern="on" ignoreCase="true" />
          </conditions>
          <action type="Rewrite" value="max-age=31536000" />
        </rule>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>

Note that I also add HSTS here. It inserts the <rewrite> element into Web.config in Release mode. The <system.webServer> element already exists in Web.config, otherwise I would be inserting that.

Andersonandert answered 11/4, 2017 at 7:24 Comment(8)

Thanks Juunas, the above code shows some error on this line <rewrite xdt:Transform="Insert">. because the rewrite element doesn't allow transform attribute. – Striped 11/4, 2017 at 7:43

It says a similar warning for me too, but still works. Not sure why it does that. It should not matter which element you put those on, the XML transform system doesn't care. – Andersonandert 11/4, 2017 at 7:51

Its working fine, But I created two config files are Web.Dev.config and Web.Prod.config. I added the rewrite code only in Web.Prod.config file, then publish it into azure its working fine. but when I published my app with Web.Dev.config file into azure still it redirects to https even I don't add the rewrite code in Web.Dev.config file. – Striped 11/4, 2017 at 8:7

Well, the redirect issued by this config is permanent (HTTP 301). That means your browser will remember the rule. If I don't want users accessing the site over HTTP now, I won't want them to do so later. – Andersonandert 11/4, 2017 at 8:14

Thanks, for your suggestion. – Striped 11/4, 2017 at 8:18

changing the port for running iis express from project properties worked for me. – Flypaper 21/6, 2019 at 9:13

How can I create or edit this file? – Rosenkrantz 16/2, 2023 at 13:24

I just placed this code verbatim in my root folder but it does not work :( – Rosenkrantz 16/2, 2023 at 13:42

Z

18

This always solves the issue for me.

In Solution Explorer, click your project.
Hit the F4 key (view properties).
Copy the URL (NOT the SSL URL).
Paste the URL into the Project Url on the Web Tab, Save.
In Solution Explorer, click your project.
Hit the F4 key (view properties).
Change SSL Enabled to false.
Change it back to true. There should be a new SSL URL. Copy it.
Paste the new SSL URL into Project URL on Web tab. Click Create Virtual Directory.
Click Override application root URL, and paste in SSL URL. Save.

Zakaria answered 11/5, 2022 at 10:9 Comment(4)

Perfect step by step. Worked like a charm. Thank you! – Collin 22/6, 2022 at 17:37

"Copy the URL (NOT the SSL URL)." - from where? – Beanery 24/1, 2023 at 16:47

This had to be an accepted answer. – Parturition 3/3, 2023 at 8:34

this is Gold, thanks, its crazy that something still causes bugs issues like this, MS fix – Kaden 13/10, 2023 at 5:55

A

14

What I do personally is put that rewrite configuration into Web.Release.config precisely because it is a bit fiddly to get it working locally.

The problem is that IIS Express will expose HTTP and HTTPS on different ports, so if you redirect from http://localhost:1234 to https://localhost:1234, it simply won't work, because IIS Express is exposing HTTPS on something like https://localhost:44300.

You can enable SSL/TLS on IIS Express (and you should), but I would leave the rewrite rule only for Release mode.

Here is an example Web.Release.config file:

<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  <system.web>
    <compilation xdt:Transform="RemoveAttributes(debug)" />
  </system.web>
  <system.webServer>
    <rewrite xdt:Transform="Insert">
      <rules>
        <!-- Redirects users to HTTPS if they try to access with HTTP -->
        <rule
          name="Force HTTPS"
          stopProcessing="true">
          <match url="(.*)"/>
          <conditions>
            <add input="{HTTPS}" pattern="^OFF$" ignoreCase="true"/>
          </conditions>
          <action
            type="Redirect"
            url="https://{HTTP_HOST}/{R:1}"
            redirectType="Permanent"/>
        </rule>
      </rules>
      <outboundRules>
        <!-- Enforces HTTPS for browsers with HSTS -->
        <!-- As per official spec only sent when users access with HTTPS -->
        <rule
          xdt:Transform="Insert"
          name="Add Strict-Transport-Security when HTTPS"
          enabled="true">
          <match serverVariable="RESPONSE_Strict_Transport_Security"
              pattern=".*" />
          <conditions>
            <add input="{HTTPS}" pattern="on" ignoreCase="true" />
          </conditions>
          <action type="Rewrite" value="max-age=31536000" />
        </rule>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>

Note that I also add HSTS here. It inserts the <rewrite> element into Web.config in Release mode. The <system.webServer> element already exists in Web.config, otherwise I would be inserting that.

Andersonandert answered 11/4, 2017 at 7:24 Comment(8)

Thanks Juunas, the above code shows some error on this line <rewrite xdt:Transform="Insert">. because the rewrite element doesn't allow transform attribute. – Striped 11/4, 2017 at 7:43

It says a similar warning for me too, but still works. Not sure why it does that. It should not matter which element you put those on, the XML transform system doesn't care. – Andersonandert 11/4, 2017 at 7:51

Its working fine, But I created two config files are Web.Dev.config and Web.Prod.config. I added the rewrite code only in Web.Prod.config file, then publish it into azure its working fine. but when I published my app with Web.Dev.config file into azure still it redirects to https even I don't add the rewrite code in Web.Dev.config file. – Striped 11/4, 2017 at 8:7

Well, the redirect issued by this config is permanent (HTTP 301). That means your browser will remember the rule. If I don't want users accessing the site over HTTP now, I won't want them to do so later. – Andersonandert 11/4, 2017 at 8:14

Thanks, for your suggestion. – Striped 11/4, 2017 at 8:18

changing the port for running iis express from project properties worked for me. – Flypaper 21/6, 2019 at 9:13

How can I create or edit this file? – Rosenkrantz 16/2, 2023 at 13:24

I just placed this code verbatim in my root folder but it does not work :( – Rosenkrantz 16/2, 2023 at 13:42

U

1

You will have to configure Visual Studio Server to be used with HTTPS. Please go through this link for details:
HTTPS with Visual Studio's built-in ASP.NET Development Server

Unscratched answered 11/4, 2017 at 7:0 Comment(2)

IIS Express will allow using HTTPS, but it will be on a different port. This still won't solve the problem entirely. As the redirect happens to the same port, it won't be able to connect. – Andersonandert 11/4, 2017 at 7:21

still I am getting same error even I enabled the SSL property. – Striped 11/4, 2017 at 7:30

C

0

I solved this problem with older version of Chrome web browser.

This is the list of older chrome versions where you can download and install it.

60.0.3112.90 - for Ubuntu is the version that works just fine for me.

Maybe it's little slower then newer versions but i found it's pretty good for production (:

Caballero answered 14/2, 2019 at 18:6 Comment(0)

H

0

On my end, I found out that there was a javascript code that redirects the site from http to https. So try to explore your environment if there are other code responsible for that issue. Hope this can help. Thanks

Hooray answered 8/10, 2020 at 3:53 Comment(0)

B

0

I just changed the URL in the Web tab of the project properties to use a PORT that starts with 443, e.g. 44301. Also be sure to change http to https. It works for me.

Beanery answered 24/1, 2023 at 16:49 Comment(0)

P

0

In my case, IIS Express had its configuration in a knot. Once I deleted (or rename for as a backup) the .vs folder and let Visual Studio recreate it.

Packard answered 7/6, 2024 at 4:40 Comment(0)

Recommended topics

Hot tags