How do I change my IIS Express SSL certificate for one that will work with Chrome 58+?
This is how I fixed this. There may be an easier way (I'm sure there is!)
Step 1 - Open Windows PowerShell (in admin mode) and generate a certificate like this:
New-SelfSignedCertificate -DnsName "localhost", "localhost" -CertStoreLocation "cert:\LocalMachine\My"
Keep the thumbprint safe.
Step 2 - Open a command prompt (in admin mode) and run these commands.
The first will delete the current IIS Express certificate for ports 44300-44399.
for /L %i in (44300,1,44399) do netsh http delete sslcert ipport=0.0.0.0:%i
The next will add your new certificate to those ports. Change the thumbprint obviously.
for /L %i in (44300,1,44399) do netsh http add sslcert ipport=0.0.0.0:%i certhash=33459ADA4D5329673604F43A073B7F43084818A7 appid={214124cd-d05b-4309-9af9-9caa44b2b74a}
The appid is for IIS Express 10 I believe. You may want to check your IIS Express appid is the same as mine first. To do that do this:
netsh http show sslcert
Step 3 - Restart IIS Express and Chrome, then run up one of your sites in Chrome.
It'll give you the security warning again. Proceed to the page then go into settings > advanced settings, HTTPS/SSL Manage certificates. In here, export the certificate from Personal and import the certificate to Trusted Root Certificate Authorities (I did it as .p7b) then restart Chrome.
Try the site again - you should be secure now.
You can do all this outside of Chrome in certmgr as well.
Edit: Alternate steps for Step 3 above using certmgr:
- Hit win key and type "certmgr" to open the Windows cert manager.
- Expand Certificates - Local Computer > Personal > Certificates and find the cert you just created (it should be issued to localhost and have an expiration one year from the current date).
- Select the cert and ctrl-c to copy.
- Expand Certificates - Local Computer > Trusted Root Certification Authorities > Certificates and ctrl-v to paste.
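The three steps above as one elevated PowerShell script. This is an added example, not code from the answer or from the gist linked further down. The `$AppId` default is the value quoted in the answer, and the parameter names and temporary file name are assumptions. It also checks that the new certificate carries a subjectAltName, which is what Chrome 58+ matches the host name against, and it copies only the public certificate into the root store.

```powershell
#Requires -RunAsAdministrator
# Added example: automates Steps 1-3 above. $AppId defaults to the value quoted in the
# answer; confirm it with `netsh http show sslcert` on your own machine first.
param(
    [string]$AppId = '{214124cd-d05b-4309-9af9-9caa44b2b74a}',
    [int]$FirstPort = 44300,
    [int]$LastPort  = 44399
)

# Step 1: -DnsName fills the subjectAltName extension of the new certificate.
$cert = New-SelfSignedCertificate -DnsName 'localhost' -CertStoreLocation 'Cert:\LocalMachine\My'

# Stop if the SAN extension (OID 2.5.29.17) is missing.
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if (-not $san) { throw 'Certificate has no subjectAltName; Chrome 58+ will reject it.' }
Write-Host "Created $($cert.Thumbprint): $($san.Format($false))"

# Step 2: rebind the IIS Express port range to the new thumbprint.
foreach ($port in $FirstPort..$LastPort) {
    # Delete reports an error when no binding exists yet; that is harmless here.
    netsh http delete sslcert "ipport=0.0.0.0:$port" | Out-Null
    netsh http add sslcert "ipport=0.0.0.0:$port" "certhash=$($cert.Thumbprint)" "appid=$AppId" | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Binding failed for port $port" }
}

# Step 3: trust the public certificate only; the private key stays in LocalMachine\My.
$cer = Join-Path $env:TEMP 'iisexpress-localhost.cer'   # hypothetical file name
Export-Certificate -Cert $cert -FilePath $cer | Out-Null
Import-Certificate -FilePath $cer -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null
Remove-Item $cer

# Check: the first port should now report the new certificate hash.
netsh http show sslcert "ipport=0.0.0.0:$FirstPort"
```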
The answer Chris gave solves the issue, thanks! Because my whole team had this issue, I created a little PowerShell script to run the steps in Chris' answer.
https://gist.github.com/camieleggermont/5b2971a96e80a658863106b21c479988
Running this in elevated mode did the trick for me.
I am just using this setting until it is fixed in Visual Studio:
chrome://flags/#allow-insecure-localhost
It just prevents having to allow the security exception each time but it will still show the SSL as invalid (red) in your browser bar.