How do I change my IIS Express SSL certificate for one that will work with Chrome 58+? How do I change my IIS Express SSL certificate for one that will work with Chrome 58+? google-chrome google-chrome

How do I change my IIS Express SSL certificate for one that will work with Chrome 58+?


google-chrome powershell ssl iis-express

This is how I fixed this. There may be an easier way (I'm sure there is!)

Step 1 - Open Windows PowerShell (in admin mode) and generate a certificate like this:

New-SelfSignedCertificate -DnsName "localhost", "localhost" -CertStoreLocation "cert:\LocalMachine\My"

Keep the thumbprint safe.

Step 2 - Open a command prompt (in admin mode) and run these commands.

The first will delete the current IIS Express certificate for ports 44300-44399.

for /L %i in (44300,1,44399) do netsh http delete sslcert ipport=0.0.0.0:%i

The next will add your new certificate to those ports. Change the thumbprint obviously.

for /L %i in (44300,1,44399) do netsh http add sslcert ipport=0.0.0.0:%i certhash=33459ADA4D5329673604F43A073B7F43084818A7 appid={214124cd-d05b-4309-9af9-9caa44b2b74a}

The appid is for IIS Express 10 I believe. You may want to check your IIS Express appid is the same as mine first. To do that do this:

netsh http show sslcert

Step 3 - Restart IIS Express and Chrome, then run up one of your sites in Chrome.

It'll give you the security warning again. Proceed to the page then go into settings > advanced settings, HTTPS/SSL Manage certificates.In here, export the certificate from Personal and import the certificate to Trusted Root Certificate Authorities (I did it as .p7b) then restart Chrome.

Try the site again - you should be secure now.

You can do all this outside of Chrome in certmgr as well.

Edit: Alternate steps for Step 3 above using certmgr:

  1. Hit win key and type "certmgr" to open the Windows cert manager.
  2. Expand Certificates - Local Computer > Personal > Certificates and find the cert you just created (it should be issued to localhost and have an expiration one year from the current date).
  3. Select the cert and ctrl-c to copy.
  4. Expand Certificates - Local Computer > Trusted Root Certification Authorities > Certificates and ctrl-v to paste.

google-chrome powershell ssl iis-express

The answer Chris gave solves the issue, thanks! Because my whole team had this issue, I created a little Powershell script to run the steps in Chris' answer.

https://gist.github.com/camieleggermont/5b2971a96e80a658863106b21c479988

Running this in elevated mode did the trick for me.

google-chrome powershell ssl iis-express

I am just using this setting until it is fixed in Visual Studio:

chrome://flags/#allow-insecure-localhost

It just prevents having to allow the security exception each time but it will still show the SSL as invalid (red) in your browser bar.

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last