Login/Register
Enable SSL in Visual Studio
Asked Answered
c#.netvisual-studiossl
C

6

39

I have enabled SSL in Visual Studio as shown below:

enter image description here

I have also set the below:

enter image description here

When I access the website via IE (via Visual Studio debugging) I see this:

enter image description here

When I access the website via Firefox (via Visual Studio debugging) I see this:

enter image description here

There is no option to progress to the website in either Firefox or IE. I have spent all day trying to understand what is wrong. What am I doing wrong?

Conchology answered 27/8, 2016 at 17:17 Comment(21)
Do you have certificate? I suppose you use self-signed ssl certificate (not trusted) so browser prevents you to open page. When you click "Learn more" you should be able to open page despite unsecure certificate.Cordalia
@nopeflow, Learn more takes me to a Mozilla troubleshooting webpage.Conchology
@nopeflow, how do you configure the certificate in Visual Studio?Conchology
Ah I see, so something else is wrong.Cordalia
@nopeflow, any ideas what this is?Conchology
Look at hereNemesis
@Oleg, thanks but unfortunately the warning in screenshot six does not happen. I get the annoying and useless warnings in my OP. I cannot believe how difficult this is.Conchology
@w0051977: Do you created self-signed SSL certificate or get free SSL certificate from letsencrypt for example (see here for example)? Do you configured IIS Express to use the certificate? Wich version of Visual Studio you use?Nemesis
@Oleg, how do I do this? There is no user interface for IIS Express. I can create a self signed certificate in IIS (full version) and bind it to a website. Is there a way to do this in IIS Express?Conchology
@w0051977: Look at %USERPROFILE%\Documents\IISExpress\config\applicationHost.config. One can edit the configuration manually. Moreover there are exist "%ProgramFiles%\IIS Express\IisExpressAdminCmd.exe" described in the article, which I posted you originally (see "APPENDIX Z"). The utility simplify some steps of the SSL configuration.Nemesis
Did you try browsing as localhost:44314. It's not recommended to test SSL with IP as certificates are bound to domain(s) name.Abbreviation
@Ravi A, yes I did. If I specify localhost then IE searches Goo9gle for the word localhost when I run the app in Visual Studio, which is really annoying. I have no idea what is wrong.Conchology
Try typing it completely - h ttps://localhost:44314 . (remove the space to avoid SO formatting)Abbreviation
@Ravi A, I did. It searches Google for the word: localhost.Conchology
Can you try this for the search problem #10764508Abbreviation
@Oleg, when I get to the stage of: "Take the hash and plug it in to the end of THIS command:" the batch statement runs constantly as if it is in a continuous and infinite loop. I cannot believe how difficult this is. I thought it would be a fifteen minute job this morning. Sixteen hours so far.Conchology
@w0051977: Do you mean that netsh http add sslcert ipport=0.0.0.0:443 appid={214124cd-d05b-4309-9af9-9caa44b2b74a} certhash=YOURCERTHASHHERE works long lime? The IisExpressAdminCmd.exe Utility should do the same and you even don't need to search for certhash. About sixteen hours: sorry, but I'm not an author of IIS Express. Some things are really not so easy. Good SSL configuration take time. Is your computer has public DNS name (do you use Dynamic DNS providers for example) and web site available from the internet (TCP ports 80 and 443 are opened)? You can get public SSL certificate.Nemesis
Can anyone else help please? I have tried following the long, convoluted post that Oleg posted but that has not helped.Conchology
I have also tried this post: codeproject.com/Tips/766918/…. I am not prompted with the message: "would you like to trust the IIS Express SSL Certificate" and no certificate appears in the certificate store after enabling SSL. Please help.Conchology
If you are okay to start from scratch you can try this hanselman.com/blog/…Abbreviation
Usually it means the default certificate bindings set by IIS Express installer has failed, and you should remove and reinstall IIS Express via Programs panel.Tadd
B
91

I see this EXACT problem from time to time, when using SSL, and have found that (especially when working on someone else's project in a team environment) the Visual Studio project web settings (SSL ports) sometimes get messed up. Here's what I do to fix them:

  • In Solution Explorer, click your project.
  • Hit the F4 key (view properties).
  • Copy the URL (NOT the SSL URL).
  • Right click on Project and Select Properties.
  • Go to Web Tab in left side of Properties window.
  • Paste the URL into the Project Url on the Web Tab, Save.
  • In Solution Explorer, click your project.
  • Hit the F4 key (view properties).
  • Change SSL Enabled to false.
  • Change it back to true. There should be a new SSL URL. Copy it.
  • Paste the new SSL URL into Project URL on Web tab. Click Create Virtual Directory.
  • Click Override application root URL, and paste in SSL URL. Save.

This always solves the issue for me.

Brittabrittain answered 14/2, 2019 at 18:56 Comment(6)
Thank you man. This solved my issue, after 1 hour of hustling with VS.Wightman
Thank you. You have helped me to avoid struggle with this.Sterol
HOURS of troubleshooting solved by this. Thank you!Resnatron
Since modern browsers FORCE an SSL requirement and IE is being buried, this is invaluable information. Thank you so so much - this buys me some time to upgrade some legacy applications.Mellicent
This solved my problem, I've been working around it for a couple of years now with this on-and-off project of mine, and I finally got fed up this go-round and found this. Thanks so much!Augustus
Dam after several years of messing about this is exactly what I needed. ThanksPlunge
P
45

Say you have a .NET MVC or Web API project and you’d like to run it on SSL. In other words you’d like to start up the project on a URL similar to https://localhost:xxxx. The first step is easy. You just select the MVC/Web API project name in the solution and locate the property called “SSL Enabled” in properties window:

Enable SSL in Visual Studio properties window

The same properties window will also show the HTTPS url for the application. In the above example it’s https://localhost:44300/. Copy that URL and go to the project properties window. Locate the Web tab and override the Project Url property with the https address:

Override project url to https

Start the application. You’ll likely get a message in the browser saying that the localhost address is not trusted, you can continue to the website at your own risk. Here’s a Chrome example in Swedish:

Localhost is not trusted

The problem is that the certificate that was installed automatically for you by Visual Studio is not trusted. You can locate the certificate in the Personal folder of the computer-level certificates in the certificates snap-in:

localhost certificate in certificates snap-in

If you double-click the certificate you’ll see that it’s not trusted:

localhost certificate is not included among trusted certificates

The message also provides the solution: the certificate must be imported into the trusted root certification authorities folder. You’ll see that as a folder in the same snap-in just below “Personal”. So how can we do that?

EXPORT

  • Right-click the certificate
  • Select All Tasks
  • Export… from the context menu.
  • Click Next on the certificate export wizard.
  • Leave the “Do not export the private key” option untouched, click Next.
  • Accept the default on the next screen, i.e. “DER encoded binary X.509” should stay selected, then click Next.
  • Provide a name and a location for the exported file. Call it “localhost” and save it in a location where you can easily find it.
  • Click Next and the Finish.

There should be a popup message saying that the export was successful.

IMPORT

  • Next right-click the folder called Trusted Root Certification Authorities and select All Tasks
  • Import… from the context menu.
  • Leave the “Local Machine” option untouched in the certificate import wizard, click Next.
  • Browse to the certificate you saved just before.
  • Click Next and accept all the default values along the way until you reach the end of the wizard.

There should be a message saying that the import was successful.

If you now go back to the Personal store and double-click the localhost certificate then you should see that it’s trusted:

localhost certificate is now trusted

OK, let’s start the .NET web project again, the opening page should open without any warning. If you still see the same issue then test it a brand new browser session, e.g. here in IE:

localhost is loaded in browser without issue

You can also view the extracted certificate from the browser window. Here’s an example from IE:

Certificate details from internet explorer

Ptolemaeus answered 27/12, 2016 at 8:20 Comment(6)
Do you know how to do this in Visual Studio for Mac (Xamarin)?Mccready
I get to the point after adding the https address into the properties window, then when I run I just get 502s back...Henkel
Sorry @MattW I don't know how to do it on MACPtolemaeus
This worked for me, but note that the Properties window is not the one you get when right-clicking the project and choosing "Properties". You need a different properties window. I've not been able to find a way to open it when the project is selected, but if you right click any other file and choose properties you open the correct window. Then navigating back to the project will update that properties window to show you the SSL settings.Cityscape
what if I am getting the error that localhost is not trusted but the certificate is valid?Jarlathus
@BradIrby and anyone who will need it, just press F4 when project is selectedGoodsized
E
5

@MattW I am using Mac and was facing this issue. I am using Visual Studio 2019 for Mac on macOS Catalina. I opened the "Project Options" for my project and changed "HTTP" to "HTTPS" in "App URL" under Default Run Configuration for ASP.NET Core

Screenshot: Project Options in VS 2019 for mac

I already had a self-signed certificate for localhost, so Visual Studio gave me a message box asking me to use that Development certificate from Keychain. It asked for my password and used the certificate. The application worked without any issue on "HTTPS"

Screenshot: Development certificate found message

In case you do not have the development certificate you can generate one, using the following command in your Mac:

dotnet dev-certs https --clean
dotnet dev-certs https --trust

Read more at https://learn.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-3.1&tabs=netcore-cli

Estis answered 20/7, 2020 at 3:21 Comment(1)
Worked perfectly and still works with .NET 6 Minimal API and VS2022! Thank you.Hackney
S
3

If you have a Web Site project, with the globe icon in Solution Explorer, enabling SSL goes a little different from a Web App project, with the globe in a rectangle, to which the other answers apply.

The Web Site project does not have the Web Tab. Instead, copy the SSL URL from the project properties (F4) to the Start Url in the project property pages (Shift F4). This step is optional, but if you don't do it, you will have to type the SSL port number manually in your browser.

Besides, for any type of web project, it does not really matter which port number you enter in Properties. The simplest is to accept the number filled in as default by VisualStudio, but another free port number will work just as well.

Of course, you will work with a self-signed certificate, i.e. signed by VS. So the browser might complain about this, and in order to debug your project with SSL, you will have to accept an exception in the browser.

Scherzando answered 16/6, 2021 at 10:21 Comment(1)
Still applies in 2021 as I work on legacy web apps to enable ADFS authentication! ThanksPituitary
E
2

This problem occurs for me when my IIS localhost development certificate expires. I took the solution from here.

  • Delete the installed development certificate. (run MMC.exe, "Find Certificates" with the name "localhost", and delete expired ones.

  • Clear SSL State (Control Panel -> Internet Options -> Content -> Clear SSL State)

  • Install a new dev certificate (in command window dotnet dev-certs https --trust)

Embroideress answered 13/5, 2023 at 19:2 Comment(1)
I didn't even have to install a new dev cert - VS did that for me automatically - but the SSL state was still being cached, so your second step did the trick. ThanksMinorca
P
0

I tried all above but got not success. Finally repairing IIS Express did the trick as mentioned in this answer.

Pod answered 20/5 at 9:42 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.