How do I restore a missing IIS Express SSL Certificate?
Solution 1
Windows 10 users: Repair is only in the Control Panel, not in the Add Remove programs app. I typically run appwiz.cpl to launch the old control panel applet and run repair from there.
Windows 7 and 8.1: After going to Add/Remove Programs and choosing the "Repair" option on IIS Express, the certificate has been reinstalled and I can now launch IIS Express sites using HTTPS.
The certificate is back:
And I can now launch the IIS Express site using HTTPS:
Solution 2
For Visual Studio 2015, IIS Express 10, Windows 10, these options didn't work for me. IIS Express 10 didn't have a repair option.
I managed to solve the problem using the IisExpressAdminCmd.exe
command available at C:\Program Files (x86)\IIS Express
.
From an elevated command prompt run:
cd C:\Program Files (x86)\IIS Express
IisExpressAdminCmd.exe setupsslUrl -url:urlToYourSite -UseSelfSigned
Replacing urlToYourSite with your url.
e.g.
cd C:\Program Files (x86)\IIS Express
IisExpressAdminCmd.exe setupsslUrl -url:https://localhost:44387/ -UseSelfSigned
After that I closed IIS Express and restarted my site from Visual Studio and it prompted to automatically trust the self-signed certificate.
Hope that helps.
Solution 3
Also note that for IIS Express to work with SSL, the port used needs to be in the 44300 through 44399 range (http://www.iis.net/learn/extensions/using-iis-express/running-iis-express-without-administrative-privileges).
So, if you're using IIS Express in Visual Studio, make sure the port selected is in the required range: vs setting for iis express
Solution 4
Sometimes this error is because of a different certificate installed for localhost. If that is the case, there is no need to restore the IIS Express certificate. Instead, you can do the following to tell IIS Express to use your existing certificate:
- Open the Certificates MMC snap-in as described here
- Find your localhost certificate e.g. under Personal...Certicates and get its thumbprint:
- Bring up the properties dialog for the localhost certificate and find the Thumbprint property
- Paste the thumbprint value into Notepad (or whatever) and remove the spaces and any special characters at the beginning
- Find the port value of your IIS Express project:
- Go to the project properties in Visual Studio and finding the "SSL URL" value, e.g. "https://localhost:44300/MyApp".
- In this example 44300 is the port number. If yours is different, change that value in the later commands.
- Use the following commands in an administrative command prompt (not Powershell):
netsh http delete sslcert ipport=0.0.0.0:44300
netsh http add sslcert ipport=0.0.0.0:44300 certhash=your_cert_hash_with_no_spaces appid=
{123a1111-2222-3333-4444-bbbbcccdddee}
The Guid in the above command can be replaced with one that you generate. It does not correspond to any existing IIS Express value.
For further reference see Handling URL Binding Failures in IIS Express.
Solution 5
With new Chrome 58, nothing from the answers below will help. I've just spent 1 hour uninstalling / reinstalling certificates and trying to find out where the problem is.
Apparently Chrome 58 will refuse certificate because "missing_subjectAltName"
The solution is either "badidea" passphrase or if you need to open popups for login you have to use:
chrome://flags/#allow-insecure-localhost
The source is and the upvote belongs to: https://stackoverflow.com/a/38926117/2089232 :)
Related videos on Youtube
Chris Simmons
Updated on April 25, 2021Comments
-
Chris Simmons about 3 years
After setting up HTTPS in IIS Express, according to such articles as this and this, I am unable to actually load an IIS Express site using HTTPS. In Chrome, I am only getting:
This webpage is not available (with error code "ERR_CONNECTION_RESET")
...and in IE I am only getting:
Internet Explorer cannot display the webpage
...when I follow the directions in those articles.
It appears this has to do with the fact that the "IIS Express Development Certificate" that IIS Express installs automatically has been removed. How do I get this certificate reinstalled?
-
Gerardo Grignoli almost 8 yearsAlso happened to me trying to run IISExpress on port 443 (or actually on any port outside the 44300-44399 range)
-
haymansfield almost 8 yearsNote: the accepted answer to this question is applicable even where the IIS Express localhost certificate is present and appears to be fine.
-
RickAndMSFT almost 7 yearsFor Visual Studio 2017 see stackoverflow.com/questions/44142037/…
-
-
Darius over 9 yearsWorks for me too, but in my case the certificate was there. Not sure why, but that resulted in same error. So i've removed certificate, and 'repair' reinstalled this back, and voila. Thanks alot.
-
Chris Weber about 8 yearsNote for Windows 10 users: Repair is only in the Control Panel, not in the Add Remove programs app. Brilliant idea msft.
-
Lex Li almost 8 yearsA much quicker way is to launch Jexus Manager and generate a new certificate and then bind to your site. jexusmanager.com Of course it does not yet fix broken certificate bindings and I will see how to make that a one-click feature.
-
Gerardo Grignoli almost 8 yearsThis worked for me trying to run IISExpress on port 443. +1
-
ranieuwe almost 8 yearsThe repair works but I had to delete any existing certificates using MMC. The problem I ran into was that I was not deleting them as admin from localMachine. Make sure you run MMC with elevated permissions!
-
Ryan Thomas over 7 yearsI was able to use a port outside this range after using the command in Bernie White's answer without any problems. Windows 10 / Visual Studio Community 2015 / .Net Core 1.0.1 / IIS Express 10.0
-
Erwin Mayer over 7 yearsThanks! This solved the issue for me. Weird that Visual Studio doesn't warn about that.
-
Glenn about 7 yearsThis solution worked great for me. Windows 10, Visual Studio 2015, IIS Express 10.
-
John Ernest about 7 yearsThis is still the case in VS2017 Community. I had to run this command in order to get a default MVC5/Web Api 2 site to pull up when I changed from http to https, using IIS Express 10 on Windows 10. Thank you for posting I would have never figured this out on my own.
-
travis.js about 7 years
-
Kishan Choudhary about 7 yearsThanks. This works for me. But just want to know is there any permanent solution for all the application. Because if I create a new project I need to do the same again. Is uninstalling and installing again the solution?
-
Chris Marisic almost 7 yearsIf anyone here is having problems getting a specific port used by IIS Express, you might want to check if someone has a site registered in IIS using that port. That was my day today.
-
joerage almost 7 yearsIn Windows 10, IIS Express has a repair option. You need to go through Control Panel. Accepted answer worked for me.
-
Lex Li almost 7 years44300-44399 is just the default port range with a certificate mapped. You can easily create similar certificate mapping by calling
netsh
, or simply use Jexus Manager, blog.lextudio.com/… -
Lex Li almost 7 yearsIn case you are tired of using command line, you can use Jexus Manager to do the same, blog.lextudio.com/…
-
Lex Li almost 7 yearsA more visual way is to use Jexus Manager, blog.lextudio.com/… then you don't have to remember the details like certificate hash.
-
Lex Li almost 7 yearsAlso see blog.lextudio.com/…
-
Chris R. Donnelly almost 5 yearsNote for VS2019 users: "Repair" will not work because the Visual Studio Installer does not put the MSI file where Control Panel expects it to be. However, there is a
_package.json
file in that same directory, and it contains the URL of the MSI file. You may either run that manually or copy it to where Control Panel expects it. -
gmsi over 4 yearsif you get "The parameter is incorrect." error - use this appid first then certhash. Example: netsh http add sslcert ipport=0.0.0.0:44300 appid={C21B9F4D-2A5D-4160-81C8-FBCC3EFC335E} certhash=your_cert_hash_with_no_spaces
-
FishBasketGordo about 4 yearsRepair on IIS Express does not appear to be working for me. I'm using Visual Studio 2019, but I wasn't able to find the correct MSI to run it manually.
-
Geralt almost 4 yearsWorked with Windows 10 / VS2019 / IIS Express 10. Reinstall did not suffice.
-
gware almost 4 yearsI was having trouble getting IIS Express to allow me to run projects locally in VS2019 with different ports; this did the trick. I was able to add each url with its port and when the site ran on its port, I didn't get any more errors.
-
Itsme1 over 3 years@ChrisR.Donnelly I know that this is an old comment, but could you please tell me what I should do to repair the IIS 10 if I have VS 2019. Thanks
-
John Pankowicz about 3 years@Itsme1 - I have VS2019 and just used Chris's method to repair IIS 10.0 Express. It's convoluted but it works. I downloaded the msi file to any folder and pointed "Repair" at that folder when it couldn't find it in its normal place. During the repair, the "localhost" cert appeared under Personal Certificates.
-
Chris Simmons about 3 years"It's convoluted but it works." Sounds about right! :)
-
Prashant Gupta about 3 yearsThis is the only solution that worked for me.
-
rlv-dan almost 3 yearsWorked for me in my SharePoint development machine when Central Admin stopped responding (ERR_CONNECTION_RESET)
-
Graeme Mehl almost 3 yearsThank you. Saved me a lot of un/reinstalling!
-
rvnlord over 2 yearsWorked for ERR_CONNECTION_RESET in ASP.NET CORE (.NET 5.0), Visual Studio 2019, didn't even need to restart VS, just preessed F5 in the Browser during the same debugging session. Thanks, thats very helpful (i.imgur.com/jQYUw0l.png).
-
David Klempfner over 2 yearsI'm on Win10 but had to use the normal add/remove programs, not the old one. The old one said the file couldn't be found. I also only had the "uninstall" option, not "repair", so I had to uninstall and reinstall IIS Express 10. That fixed it.
-
Ashu about 2 yearsIt worked for VS2019 community edition , IIS 10 and windows 10