I am hoping someone can shed some light on this situation. I have a WEB API that I am running in IIS Express. I was using it with SSL enabled. I have a console application that calls it like so:
https://localhost:12345/api/Controller/Method/arg
This was working great up until today. All of a sudden the client throws an exception when trying to connect stating:
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
I have gone through and made sure that the IIS Express Development Certificate is in place under personal certificates. I have also done a repair on IIS Express. I also do not get this problem if I put the URL into Internet Explorer. I have no problem connecting to the WEB API when I go over normal HTTP. What would make this seemingly start happening for no reason?
Misha Beskin's answer to this question resolved it for me. Still no idea what caused it to get messed up in the first place.
After spending a lot of time for me the solution was pretty simple
I just opened the Certmgr.msc ---> deleted the localhost certificate from the Trusted Root certification authorities.
Then opened my solution (after I had run the identity sever) clicked run the visual studio asked fro me if I want generate new certificate to iis express (ssl), I had clicked yes and then it started to work properly:)
Related
I've had the "Failed to find a valid digest in the 'integrity' attribute for resource" error show up in my console logs from time to time in published files, but never locally. Out of the blue this started happening to me a couple days ago, and I've spent the last two days trying to fix it. I am also getting the error about my self-signed certificates being invalid. Here are the things I've tried.
Rebuild/Clean solution
Delete all bin/obj folders
Usually use chrome, but tried Firefox/Edge
Attempted to run via CLI dotnet watch this actually strangely worked in some scenarios but has since stopped working.
Uninstalled/Reinstalled IIS Express
Uninstalled/Reinstalled VS 2022
Ran dotnet dev-certs https --clean and dotnet dev-certs https --trust multiple times to recreate localhost certificates, but I still am getting the ERR_CERT_AUTHORITY_INVALID error.
Confirmed that the localhost certificate is present in both the Current User/Personal and Current User/Trusted Root Certification Authorities folder.
Closed visual studio deleted bin/obj/ .vs rebooted computer and tried again.
A rain dance around an open fire
It seems like there has to be some simple solution involving certificates, but I've tried everything I can think of, as an additional note my work PC is running SOPHOS, I have seen that it has blocked some DLLs, but its blocking is sporadic, so I am not convinced this is the source of the problem. Additional details:
VS2022 17.4.4
.NET 7
Blazor WASM Hosted
Even though I didn't think it was my firewall....it was my firewall. Sophos was blocking the Blazor WASM dlls as mentioned in this issue:
https://github.com/dotnet/aspnetcore/issues/21996
The telltale sign is in the response to the blocked dlls.
The resolution in my case was to contact our IT department and have them create a firewall exception for my computer.
EDIT
I believe now the problem lies in the fact that Visual Studio is not launching the server (or whatever it is) for the browser to call back to. I do not know if this is some service, its dependencies, or anything else about it!
Original
When running a MVC project in VS 2013, my Browser Link is not working correctly. The problem is that the URL to the browser link javascript file is being actively rejected.
An example message from fiddler:
[Fiddler] The connection to 'localhost' failed. <br />Error: ConnectionRefused (0x274d). <br />System.Net.Sockets.SocketException No connection could be made because the target machine actively refused it 127.0.0.1:27244
I've verified the following:
Same project works fine on other machines
The site itself works (on a different port)
vs:EnableBrowserLink is absent from web.config
Browser LInk is enabled
debug is set to true
The <!-- Visual Studio Browser Link --> portion is rendered in the page, thus confirming (even more so) that the browser link is enabled.
Read every article on how to use Browser Link - none detail what happens if the connection to the script is refused
Same exact problem on all browsers
Same exact problem on all web projects (I've tried several, even fresh 'vanilla' one)
Restarting VS, computer, doesn't fix
Running VS as admin doesn't fix
Running in Safe Mode doesn't fix
Disabling all VS extensions doesn't work
Running 'repair' on VS also does not work
The port that it's attempting to reach (in my example, 27244) does not show up at any of the IP addresses in netstat -aon
To me this means it fails to start
Firewall (even the corp one) is not blocking any of these ports
Procmon and Procexplorer reveal nothing I can understand to be as to why VS is not starting the SignalR process(es).
A brand-new project w/ SignalR from NuGet works fine - there must be something different on how VS uses it interally
I don't understand how the port it uses is generated, but it's different for every project.
I understand that Browser Link uses SignalR on the insides, but my research on that and connection refused leads me just enable port 80, which obviously won't help.
What else could it be? Any ideas? Where can I check?
Unfortunately, I was unable to pinpoint the exact reason... however, my problem has been solved. Uninstalling and reinstalling Visual Studio entirely didn't seem to help. What finally seemed to help was assigning port 44399 to a port on my local IIS. This forces Visual Studio to use a different port, 44398, and from that point on Browser Link started working.
I'm left to assume that the SignalR server was unable to start due to that port being inaccessible, although I am not sure why.
We're having a problem here that a few hours on Google would suggest is very common but mostly unresolved.
Since upgrading to Windows 8.1, no Microsoft product can connect to any site via a secure channel, specifically TLS channels.
Internet Explorer 11 can connect to http web sites (e.g. msn), but will not connect to any https web sites (e.g. login.live.com, google). Attempting to connect to an https site results in 'This page cannot be displayed'. Other browsers, for example Firefox and Chrome, can connect to https web sites perfectly well.
On its own that wouldn't be an issue, we could just use Firefox (which is our default browser anyway), however every single Microsoft product uses the same settings and transports as Internet Explorer, and so none of those can connect to secure sites either.
This means that Windows Update won't work, and that we cannot register any Microsoft software (e.g. Office, Visual Studio, etc). Attempting to do so results in 'A communication error has occurred.'
Sometimes it gives an error code, for example attempting to activate Office gives 'A communication error has occured. Please verify that you have connectivity to the Internet and try again (0x80072F8F).
Googling that code suggests checking the BIOS date and time (we did, all correct) and resetting Internet settings (we did, to no avail).
We had the same problem crop up on Windows 7 after a Windows Update, which we fixed by going into Internet Options and disabling TLS 1.0 and re-registering some DLLs, however that hasn't fixed the issue here.
Other things we've tried are:-
Disabling SPDY/3
Disabling SSL 2.0
Every combination of enabled and disabled TLS 1.0, 1.1 and 1.2
Disabling Enhanced Protected Mode
Clearing SSL state
Uninstalling Internet Explorer 11
As I mentioned at the start, this only affects Microsoft products, anything from other companies or anything we write ourselves works perfectly, which would suggest there's some specific settings or code that Microsoft use that is the root of the issue.
Anyone else had this and managed to solve it?
I had this same problem with IE and this is what fixed it for me.
You should open a Command Prompt as Administrator and run the following commands:
regsvr32 Softpub.dll /s
regsvr32 Initpki.dll /s
regsvr32 Wintrust.dll /s
regsvr32 Mssip32.dll /s
Restart your computer and try accessing the HTTPS sites again with IE. These commands re-register the Dynamic-link library files which are called when you connect to an HTTPS site using Windows programs.
Here is the Windows support page which had this info:
https://support.microsoft.com/en-us/help/813444/you-cannot-log-in-to-or-connect-to-secured-web-sites-in-internet-explo
I had this same problem with trying to access domains in Powershell over HTTPS, but Google Chrome could access the HTTPS sites just fine on the same machine, so I knew it was a Windows-system issue and not a networking issue.
Hope this helps. Good luck!
I am following http://msdn.microsoft.com/en-us/library/ff649647.aspx#Step13 to add Username Authentication in WCF. At the step that I have to create a temporary certificate for SSL, I have the following questions:
The server that the WCF will be deployed on its IIS does not have Visual Studio, therefore I am not sure what I'm supposed to do for the part in link http://msdn.microsoft.com/en-us/library/ff648498.aspx that Step 3: Create and Install Your Temporary Service Certificate by using Visual Studio command prompt.
Also I am using IIS 8, and the steps in Step 13: Configure Security Settings in IIS does not follow smoothly as described in the step by step. If anybody has some experience to configure the Web site in IIS to use Secure Sockets Layer (SSL) encryption and anonymous security, I'd appreciate some pointers.
Ad1)
You can download makecert and put it on the target machine (its just a simple tool no need for full VS) or you can run the command on the different machine it will create and install certificates in the LocalMachine/My store. Then you can export this certificate using mmc tool with certifacate addin and install it on the target machine in the same place (again using mmc). When you are exporting it make sure you have the "include private key" checkbox checked.
Ad2) I dont have access to IIS8 atm but the description on the msdn sounds OK. The only tip i can think of is to make sure you have a port open for HTTPS communication. Its done using httpcfg tool
http://msdn.microsoft.com/pl-pl/library/ms733768(v=vs.110).aspx
I'm currently developping a website with Visual Studio 2010 and IIS Express 7.5 on Windows 7 x64 in a VirtualBox VM.
I have followed this article and made it works like a charm.
Working with SSL at Development Time is easier with IISExpress
The problem comes when I shut down my machine and start it back the next day. It doesn't work anymore, I have to redo the whole opertations in order to make it work.
Does anyone has an idea why everything is screwed up each time I restart my machine?
Thanks in advance.
I've had this exact problem with full blown IIS 7.5 and Server 2008.
My particular problem came about when moving the server authentication certificate (and associated private key) around (through dragging) in the MMC Certificate Manager.
There's a step in the tutorial you linked to where they ask you to "drag" the certificate from Personal to Trusted Root Certificates. I'd suggest deleting that certificate from the Certificate Manager and importing it directly into the Trusted Root Certificates.
I had the same problem with a Code-signing private certificate, after reboot it was gone.
I found this on ServerFault:
Right-click the certificate in MMC console ->All Tasks-> Manage Private Keys.
Add the needed users to access Now, Reboot the system and try it will work.
enter image description here
Try editing the app.config as an administrator.
The other thing is you VM's hard drive might be writing changes to a read only delta which get's dropped when you restart, hence nothing is saved
Thias was the solution for me:
http://blogs.msdn.com/b/asiatech/archive/2013/03/25/case-study-ssl-does-not-work-in-iis-7-5-after-server-reboots.aspx
Delete the certificate from the computer store and import it again. Dont drag and drop it from the user store.