IIS Express -- Getting SSL to Work


Solution 1

After you've set a project to use IISExpress, press F4 while the project is selected in the Solution Explorer to bring up the properties, then in the properties set SSL Enabled to true and under SSL URL set the URL with the port (443 in your case) you want for the SSL.

This works for me without going under the hood and the self signed certificate was automatic.

To run the project on that URL by default, you can right click on the project, select properties, then Web and replace the Project Url with https://localhost:443

Solution 2

If you have followed jbtule's steps and SSL is still not working, ensure that your port is in the format :443XX.

Visual Studio did this automatically for the first project I enabled SSL on, but any subsequent projects seem to have random SSL ports. Changing it to the above 443 structure under the Project > Web UI got it up and working for me.

Solution 3

I recently had a very similar problem with VS 2019 and IIS Express. I tried to change the http to https so that I could use ADFS. (Msg : This site is unreachable localhost does not allow connection).

After a little more research, I tried to switch the 'Require SSL' property from true to false and back to true. This triggered an update to the applicationhost.config file (...\.vs\ProjectName\config\applicationhost.config) that created a new SSL binding with a new port number for the https protocol. So, I modified all the links with the proposed new port (in the web property of the project, the config file and the ADFS config) and it works. In conclusion, it is not necessary for the http port to be the same as the https port for the same site.
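An added example, not part of the original answers: a PowerShell check that lists the https bindings in an applicationhost.config (the file Solution 3 mentions) and flags any port outside the 443XX pattern from Solution 2. It assumes the pattern means 44300-44399, the range for which the IIS Express installer registers its localhost development certificate; the function name `Get-HttpsBindingStatus`, the site names and the ports in the sample are constructed for illustration.

```powershell
# Constructed sample of an IIS Express applicationhost.config <sites> section.
# Site names and port numbers are made up for this example.
$sampleConfig = @'
<configuration>
  <system.applicationHost>
    <sites>
      <site name="WebApp1" id="1">
        <bindings>
          <binding protocol="http" bindingInformation="*:58333:localhost" />
          <binding protocol="https" bindingInformation="*:44311:localhost" />
        </bindings>
      </site>
      <site name="WebApp2" id="2">
        <bindings>
          <binding protocol="http" bindingInformation="*:58334:localhost" />
          <binding protocol="https" bindingInformation="*:58335:localhost" />
        </bindings>
      </site>
    </sites>
  </system.applicationHost>
</configuration>
'@

# Hypothetical helper: reports every https binding and whether its port is in
# the range that already has the development certificate attached in HTTP.SYS.
function Get-HttpsBindingStatus {
    param([Parameter(Mandatory)][System.Xml.XmlDocument]$Config)

    foreach ($site in $Config.SelectNodes('//sites/site')) {
        foreach ($binding in $site.SelectNodes('bindings/binding[@protocol="https"]')) {
            # bindingInformation has the form "ip:port:hostname", e.g. "*:44311:localhost"
            $parts = $binding.GetAttribute('bindingInformation') -split ':'
            $port  = [int]$parts[1]
            [pscustomobject]@{
                Site    = $site.GetAttribute('name')
                Port    = $port
                InRange = ($port -ge 44300 -and $port -le 44399)
            }
        }
    }
}

$doc = [xml]$sampleConfig
Get-HttpsBindingStatus -Config $doc | Format-Table -AutoSize
```

To run it against a real project, load the file with `[xml](Get-Content <path to applicationhost.config> -Raw)`; for any port it reports, `netsh http show sslcert ipport=0.0.0.0:<port>` (the command quoted in the comments below) shows whether a certificate is actually bound.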

Author by

Admin

Updated on July 05, 2022

Comments

  • Admin
    Admin almost 2 years

    I am unable to get IIS Express to accept secure connections for a VS2010 MVC3 project that I'm developing. I can get it to accept unsecure connections on port 80, but not secure on port 443.

    I've taken the following steps, based on googling:

    1) Located the SHA1 thumbprint for my IIS Express Server self-signed certificate via executing the following on a VS2010 commandline:

    certmgr.exe /c /s /r localMachine MY
    

    The result was 9B088F80 A4FC3141 28F62890 70BA1FC4 49FDD009. I learned later that I need to delete the spaces when using the thumbprint.

    2) Deleted whatever certificate was linked to port 443 by executing the following on an elevated commandline prompt:

    netsh http delete sslcert ipport=0.0.0.0:443
    

    3) Generated a new GUID by running Create GUID off the VS2010 Tools menu. In my case I got B0421A5B-FF61-47CE-892D-11AA3A9C7D2A.

    4) Installed the self-signed certificate to port 443 by executing the following on an elevated commandline prompt:

    netsh http add sslcert ipport=0.0.0.0:443 certhash=9B088F80A4FC314128F6289070BA1FC449FDD009 appid={B0421A5B-FF61-47CE-892D-11AA3A9C7D2A}
    

    5) Modified the ACL by running the following from an elevated commandline prompt:

    netsh http add urlacl url=https://localhost:443/ user=everyone
    

    6) Modified the application.config file for IIS Express by adding a binding for port 443 and the https protocol. The sites section for the file ended up looking like this:

        <sites>
            <site name="Development Web Site" id="1" serverAutoStart="true">
                <application path="/">
                    <virtualDirectory path="/" physicalPath="%IIS_BIN%\AppServer\empty_wwwroot" />
                </application>
                <bindings>
                    <binding protocol="https" bindingInformation="*:443:localhost" />
                    <binding protocol="http" bindingInformation="*:80:localhost" />
                </bindings>
            </site>
            <siteDefaults>
                <logFile logFormat="W3C" directory="%IIS_USER_HOME%\Logs" />
                <traceFailedRequestsLogging directory="%IIS_USER_HOME%\TraceLogFiles" enabled="true" maxLogFileSizeKB="1024" />
            </siteDefaults>
            <applicationDefaults applicationPool="IISExpressAppPool" />
            <virtualDirectoryDefaults allowSubDirConfig="true" />
        </sites>
    

    7) Restarted the http service by executing the following at an elevated commandline prompt:

    net stop http
    net start http
    

    8) Changed the Project URL on the Web tab of my MVC project's Property page to the following:

    http://localhost/
    

    Saving the project property page triggered a reconfiguration of the server after I made this change.

    When I launch the MVC app from within VS2010 it correctly ties back to http://localhost (on port 80, the default; I haven't included all the steps for getting IIS Express to work with unsecure/normal connections on port 80, but they're essentially steps 5 thru 7, but focusing on http and port 80, not https and port 443).

    However, trying to transition to any action that requires https gets me a "server refused connection" error.

    What am I doing wrong?

  • Admin
    Admin about 13 years
    Wow! That sure is a LOT easier than what I found in my searching. I'll have to give it a try.
  • Luke Puplett
    Luke Puplett almost 12 years
    For clarity, is this simple answer all that has to be done to enable SSL on IIS Express? i.e. Mark's command-line work is not required.
  • jbtule
    jbtule almost 12 years
    Yes, the simple answer is all that is required.
  • twomm
    twomm about 11 years
    in Visual Studio 2012 I can enable SSL, however I cannot change the port number in the properties dialog.
  • rthomsen
    rthomsen almost 11 years
    In VS 2012 you can use the URL assigned under the "SSL URL" property, in my case it was localhost:44300
  • Nathan
    Nathan almost 11 years
    Unfortunately for me, for some reason, the IISExpress generated certs don't work. I get a connection reset, and the error "A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10001." in the system log
  • Ceco
    Ceco almost 10 years
    @twomm, I think you cannot change the port number because the IIS Express development TLS certificate is bound to https://localhost:44300/. I ran as admin netsh http show sslcert ipport=0.0.0.0:44300 and that is the case in my machine.
  • BenPatterson1
    BenPatterson1 almost 5 years
    This absurd magic format: "443XX" is the answer I needed. Thank you.
  • Ashraf Sabry
    Ashraf Sabry over 4 years
    Yes, this works. Thanks. But where's this number documented?
  • Marc Levesque
    Marc Levesque over 3 years
    OMG Microsoft what were you thinking!? This worked for me too.
  • Taha Ali
    Taha Ali over 2 years
    A God Send Answer... Thanks a LOTTT.
  • JasonWilczak
    JasonWilczak over 2 years
    Just came here to say this...the 443xx port change is the one thing i needed, thank you! for anyone coming here, i had my old http port as like 58333, it wasn't working when ssl was enabled. I switched it to 44311 and now it works :)
  • CoderSteve
    CoderSteve about 2 years
    Thanks a lot for this. Toggling the "SSL Enabled" property for the project to false, then back to true, made it suggest the proper port number--which was 44319 for me.