How do I restore a missing IIS Express SSL Certificate?

ssl https ssl-certificate iis-express

109,686

Solution 1

Windows 10 users: Repair is only in the Control Panel, not in the Add Remove programs app. I typically run appwiz.cpl to launch the old control panel applet and run repair from there.

Windows 7 and 8.1: After going to Add/Remove Programs and choosing the "Repair" option on IIS Express, the certificate has been reinstalled and I can now launch IIS Express sites using HTTPS.

Repair IIS Express

The certificate is back:

IIS Express Development Certificate

And I can now launch the IIS Express site using HTTPS:

Success!

Solution 2

For Visual Studio 2015, IIS Express 10, Windows 10, these options didn't work for me. IIS Express 10 didn't have a repair option.

I managed to solve the problem using the IisExpressAdminCmd.exe command available at C:\Program Files (x86)\IIS Express.

From an elevated command prompt run:

cd C:\Program Files (x86)\IIS Express
IisExpressAdminCmd.exe setupsslUrl -url:urlToYourSite -UseSelfSigned

Replacing urlToYourSite with your url.

e.g.

cd C:\Program Files (x86)\IIS Express
IisExpressAdminCmd.exe setupsslUrl -url:https://localhost:44387/ -UseSelfSigned

After that I closed IIS Express and restarted my site from Visual Studio and it prompted to automatically trust the self-signed certificate.

Hope that helps.

Solution 3

Also note that for IIS Express to work with SSL, the port used needs to be in the 44300 through 44399 range (http://www.iis.net/learn/extensions/using-iis-express/running-iis-express-without-administrative-privileges).

So, if you're using IIS Express in Visual Studio, make sure the port selected is in the required range: vs setting for iis express

Solution 4

Sometimes this error is because of a different certificate installed for localhost. If that is the case, there is no need to restore the IIS Express certificate. Instead, you can do the following to tell IIS Express to use your existing certificate:

Open the Certificates MMC snap-in as described here
Find your localhost certificate e.g. under Personal...Certicates and get its thumbprint:
1. Bring up the properties dialog for the localhost certificate and find the Thumbprint property
2. Paste the thumbprint value into Notepad (or whatever) and remove the spaces and any special characters at the beginning
Find the port value of your IIS Express project:
1. Go to the project properties in Visual Studio and finding the "SSL URL" value, e.g. "https://localhost:44300/MyApp".
2. In this example 44300 is the port number. If yours is different, change that value in the later commands.
Use the following commands in an administrative command prompt (not Powershell):

netsh http delete sslcert ipport=0.0.0.0:44300

netsh http add sslcert ipport=0.0.0.0:44300 certhash=your_cert_hash_with_no_spaces appid= {123a1111-2222-3333-4444-bbbbcccdddee}

The Guid in the above command can be replaced with one that you generate. It does not correspond to any existing IIS Express value.

For further reference see Handling URL Binding Failures in IIS Express.

Solution 5

With new Chrome 58, nothing from the answers below will help. I've just spent 1 hour uninstalling / reinstalling certificates and trying to find out where the problem is.

Apparently Chrome 58 will refuse certificate because "missing_subjectAltName"

The solution is either "badidea" passphrase or if you need to open popups for login you have to use:

chrome://flags/#allow-insecure-localhost

The source is and the upvote belongs to: https://stackoverflow.com/a/38926117/2089232 :)

View more solutions

109,686

Chris Simmons

Updated on April 25, 2021

Comments

Chris Simmons about 3 years

After setting up HTTPS in IIS Express, according to such articles as this and this, I am unable to actually load an IIS Express site using HTTPS. In Chrome, I am only getting:

This webpage is not available (with error code "ERR_CONNECTION_RESET")

...and in IE I am only getting:

Internet Explorer cannot display the webpage

...when I follow the directions in those articles.

It appears this has to do with the fact that the "IIS Express Development Certificate" that IIS Express installs automatically has been removed. How do I get this certificate reinstalled?
- Gerardo Grignoli almost 8 years
  
  Also happened to me trying to run IISExpress on port 443 (or actually on any port outside the 44300-44399 range)
- haymansfield almost 8 years
  
  Note: the accepted answer to this question is applicable even where the IIS Express localhost certificate is present and appears to be fine.
- RickAndMSFT almost 7 years
  
  For Visual Studio 2017 see stackoverflow.com/questions/44142037/…
Darius over 9 years

Works for me too, but in my case the certificate was there. Not sure why, but that resulted in same error. So i've removed certificate, and 'repair' reinstalled this back, and voila. Thanks alot.
Chris Weber about 8 years

Note for Windows 10 users: Repair is only in the Control Panel, not in the Add Remove programs app. Brilliant idea msft.
Lex Li almost 8 years

A much quicker way is to launch Jexus Manager and generate a new certificate and then bind to your site. jexusmanager.com Of course it does not yet fix broken certificate bindings and I will see how to make that a one-click feature.
Gerardo Grignoli almost 8 years

This worked for me trying to run IISExpress on port 443. +1
ranieuwe almost 8 years

The repair works but I had to delete any existing certificates using MMC. The problem I ran into was that I was not deleting them as admin from localMachine. Make sure you run MMC with elevated permissions!
Ryan Thomas over 7 years

I was able to use a port outside this range after using the command in Bernie White's answer without any problems. Windows 10 / Visual Studio Community 2015 / .Net Core 1.0.1 / IIS Express 10.0
Erwin Mayer over 7 years

Thanks! This solved the issue for me. Weird that Visual Studio doesn't warn about that.
Glenn about 7 years

This solution worked great for me. Windows 10, Visual Studio 2015, IIS Express 10.
John Ernest about 7 years

This is still the case in VS2017 Community. I had to run this command in order to get a default MVC5/Web Api 2 site to pull up when I changed from http to https, using IIS Express 10 on Windows 10. Thank you for posting I would have never figured this out on my own.
travis.js about 7 years

See stackoverflow.com/questions/43676993/…
Kishan Choudhary about 7 years

Thanks. This works for me. But just want to know is there any permanent solution for all the application. Because if I create a new project I need to do the same again. Is uninstalling and installing again the solution?
Chris Marisic almost 7 years

If anyone here is having problems getting a specific port used by IIS Express, you might want to check if someone has a site registered in IIS using that port. That was my day today.
joerage almost 7 years

In Windows 10, IIS Express has a repair option. You need to go through Control Panel. Accepted answer worked for me.
Lex Li almost 7 years

44300-44399 is just the default port range with a certificate mapped. You can easily create similar certificate mapping by calling netsh, or simply use Jexus Manager, blog.lextudio.com/…
Lex Li almost 7 years

In case you are tired of using command line, you can use Jexus Manager to do the same, blog.lextudio.com/…
Lex Li almost 7 years

A more visual way is to use Jexus Manager, blog.lextudio.com/… then you don't have to remember the details like certificate hash.
Lex Li almost 7 years

Also see blog.lextudio.com/…
Chris R. Donnelly almost 5 years

Note for VS2019 users: "Repair" will not work because the Visual Studio Installer does not put the MSI file where Control Panel expects it to be. However, there is a _package.json file in that same directory, and it contains the URL of the MSI file. You may either run that manually or copy it to where Control Panel expects it.
gmsi over 4 years

if you get "The parameter is incorrect." error - use this appid first then certhash. Example: netsh http add sslcert ipport=0.0.0.0:44300 appid={C21B9F4D-2A5D-4160-81C8-FBCC3EFC335E} certhash=your_cert_hash_with_no_spaces
FishBasketGordo about 4 years

Repair on IIS Express does not appear to be working for me. I'm using Visual Studio 2019, but I wasn't able to find the correct MSI to run it manually.
Geralt almost 4 years

Worked with Windows 10 / VS2019 / IIS Express 10. Reinstall did not suffice.
gware almost 4 years

I was having trouble getting IIS Express to allow me to run projects locally in VS2019 with different ports; this did the trick. I was able to add each url with its port and when the site ran on its port, I didn't get any more errors.
Itsme1 over 3 years

@ChrisR.Donnelly I know that this is an old comment, but could you please tell me what I should do to repair the IIS 10 if I have VS 2019. Thanks
John Pankowicz about 3 years

@Itsme1 - I have VS2019 and just used Chris's method to repair IIS 10.0 Express. It's convoluted but it works. I downloaded the msi file to any folder and pointed "Repair" at that folder when it couldn't find it in its normal place. During the repair, the "localhost" cert appeared under Personal Certificates.
Chris Simmons about 3 years

"It's convoluted but it works." Sounds about right! :)
Prashant Gupta about 3 years

This is the only solution that worked for me.
rlv-dan almost 3 years

Worked for me in my SharePoint development machine when Central Admin stopped responding (ERR_CONNECTION_RESET)
Graeme Mehl almost 3 years

Thank you. Saved me a lot of un/reinstalling!
rvnlord over 2 years

Worked for ERR_CONNECTION_RESET in ASP.NET CORE (.NET 5.0), Visual Studio 2019, didn't even need to restart VS, just preessed F5 in the Browser during the same debugging session. Thanks, thats very helpful (i.imgur.com/jQYUw0l.png).
David Klempfner over 2 years

I'm on Win10 but had to use the normal add/remove programs, not the old one. The old one said the file couldn't be found. I also only had the "uninstall" option, not "repair", so I had to uninstall and reinstall IIS Express 10. That fixed it.
Ashu about 2 years

It worked for VS2019 community edition , IIS 10 and windows 10