I'm trying to add https to my local development environment in IIS Express for a custom domain. I first created a new certificate using the following command in an elevated developer command prompt:

```
Makecert -r -pe -n CN="mycustomdomain.com" -a sha512 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localmachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
```

The problem now is that the mycustomdomain.com is now installed in the local certificate personal store and is telling me that this CA root certificate is not trusted and that I need to install this in the trusted root certification authorities store.

Would simply copying the certificate into the trusted root certification authorities store without the private key be enough? If not, what should I do?

Luis Averhoff
  • https://docs.jexusmanager.com/tutorials/self-signed.html – Lex Li Feb 01 '19 at 02:33
  • @LexLi Thanks, I installed and was able to install it successfully. The problem now is that even if the certificate is installed and I added this certificate to the port 443, Chrome still doesn't accept my fake domain name that I want to use for development. – Luis Averhoff Feb 01 '19 at 14:10
  • https://docs.jexusmanager.com/tutorials/ssl-diagnostics.html – Lex Li Feb 01 '19 at 14:16
  • @LexLi Thanks, I ran the SSL diagnostics and, after generating the SSL certificate with a custom fake domain and importing the certhash to port 443, it now shows IIS Express running on 443 with my certificate, but Chrome still reports "refused to connect". Though at the end of the server diagnostics, it says System.Security.Cryptography.CryptographicException: The parameter is incorrect. What could have caused that exception? – Luis Averhoff Feb 01 '19 at 14:32
  • "importing the certhash to port 443"? How did you do that? Jexus Manager displayed the exception because it failed to open the certificate store on your machine (the cause varies). – Lex Li Feb 01 '19 at 14:58
  • @LexLi I did `netsh http add sslcert ipport=0.0.0.0:443 certhash=hash_of_certificate_that_I_generated appid={someappid}`. I finally got it to work by messing around with applicationhost.config in the .vs folder. – Luis Averhoff Feb 01 '19 at 15:58
  • makecert is deprecated by Microsoft. Based on your description, the root cause should be a wrong binding you set in `applicationHost.config`. – Lex Li Feb 02 '19 at 16:30
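
The procedure discussed in the question and comments, as an added example that is not part of the original thread: it uses `New-SelfSignedCertificate` in place of the deprecated makecert, trusts the certificate by placing only its public part in the Trusted Root store, and binds it to port 443 with `netsh`. The file path, the generated `appid` and the one-year lifetime are assumptions; run it in an elevated PowerShell session.

```powershell
# Added example, not from the thread. $cerPath and $appId are illustrative names.
$dnsName = 'mycustomdomain.com'

# 1. Create the server certificate, with its private key, in LocalMachine\My.
#    -DnsName also writes a subjectAltName entry; current browsers match the
#    host name against the SAN and ignore a CN-only subject.
#    NonExportable keeps the private key from being copied off this machine.
$cert = New-SelfSignedCertificate -DnsName $dnsName `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -KeyExportPolicy NonExportable `
    -NotAfter (Get-Date).AddYears(1)

# 2. Export the public certificate only (.cer carries no private key) and
#    import that copy into Trusted Root Certification Authorities.
#    Trust evaluation needs the public certificate there, not the key.
$cerPath = Join-Path $env:TEMP "$dnsName.cer"
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# 3. Check the result: the Root copy and whether the chain now validates
#    for TLS server use under this host name.
Get-Item "Cert:\LocalMachine\Root\$($cert.Thumbprint)" |
    Select-Object Subject, Thumbprint, HasPrivateKey
if (-not (Test-Certificate -Cert $cert -Policy SSL -DNSName $dnsName)) {
    throw "Certificate for $dnsName does not validate under the SSL policy."
}

# 4. Bind the certificate in LocalMachine\My to port 443 in HTTP.SYS.
#    appid is quoted because PowerShell would otherwise parse the braces
#    of a bare {guid} as a script block.
$appId = [guid]::NewGuid().ToString('B')
netsh http add sslcert ipport=0.0.0.0:443 "certhash=$($cert.Thumbprint)" "appid=$appId"
netsh http show sslcert ipport=0.0.0.0:443

# The site's https binding in applicationhost.config must use the same port
# and host name as the certificate and the netsh binding above.
```

When the development site is retired, remove the certificate from both `Cert:\LocalMachine\Root` and `Cert:\LocalMachine\My` and delete the binding with `netsh http delete sslcert ipport=0.0.0.0:443`, so the machine no longer trusts a certificate that is not in use.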

0 Answers