Last week I was able to build and run a locally-hosted .NET website without any problems. However, for the past couple of days I haven't been able to get around this error:
ERR_CERT_COMMON_NAME_INVALID
This error message appears in both Chrome and Firefox. Edge and IE will load the page but block all AJAX requests without explanation.
The website is configured as an application in IIS and uses a self-signed certificate (created in IIS).
I encounter the same problem with running a completely separate .NET website so I doubt it has anything to do with each website's individual configurations.
My colleagues are able to browse their locally-hosted versions of the same website using a self-signed certificate in the same browser versions as I have installed.
Please, can someone tell me what might have happened to my setup, why are browsers no longer accepting my certificate, and how to get back to a running localhost website?
I'm a PHP developer and to be able to work on my development environment with a certificate, I was able to do the same by finding the real SSL HTTPS/HTTP Certificate and deleting it.
The steps are :
In the address bar, type "chrome://net-internals/#hsts".
Type the domain name in the text field below "Delete domain".
Click the "Delete" button.
Type the domain name in the text field below "Query domain".
Click the "Query" button.
Your response should be "Not found".
You can find more information at : http://classically.me/blogs/how-clear-hsts-settings-major-browsers
Although this solution is not the best, Chrome currently does not have any good solution for the moment. I have escalated this situation with their support team to help improve user/developer experience.
You should redo these steps every time you go on the server that contains the main HTTPS Certificate with HSTS clause.
Related
I just started working on a .NET project again that I hadn't touched in about a month, and suddenly in my localhost environment I'm getting ERR_CERT_AUTHORITY_INVALID errors when I try starting my application. I used dotnet dev-certs commands to regenerate the localhost certificate, but what's weird is it looks like Chrome is sourcing this localhost certificate from elsewhere. In the Developer Tools pane, I see this (notice the Validity Period):
I don't know why it shows that invalid Validity Period because I just generated a new localhost cert tonight, and I've blown away Chrome's SSL cache numerous times tonight. The following certificate appears in both the Personal > Certificates and Trusted Root Certification Authorities sections of certmgr.
Could someone please help me understand why Chrome thinks my localhost cert is from an invalid authority and how I can correct this issue? The last valid version came from the exact same place (although I think something else might have generated it because I don't recall using dotnet dev-certs CLI commands to create the original cert).
Well this is incredibly stupid. After wasting hours last night and an hour or two tonight of trying fixes I found in blogs and whatnot, an answer on a similar StackOverflow question stated I should attempt repairing my Visual Studio install. Sure enough, doing that resolved the issue.
After I repaired my Visual Studio install and loading up my project I was having HTTPS issues with, I got a dialog box from VS2022 like the one below (snipped from bing.com/images since I dismissed my dialog while trying to fix this) and I selected "Yes".
This added a new certificate but strangely it only added it to the Trusted Root Certification Authorities in certmgr and not to Personal, whereas the one I generated from dotnet dev-certs CLI commands created two; one in Trusted Root Certification Authorities and the other in Personal. The below screenshot shows both certificates; "IIS Express Development Certificate" is the one that resolved the issue and the one that was created by repairing VS2022.
I don't know why VS2022 didn't prompt me to renew the certificate after it was expired. On the bright side, assuming this never gets addressed in a future iteration of Visual Studio, after going through this experience I'm sure that by 10/3/2027 that I'll remember everything that transpired here today and that I must repair my installation of VS20XX if I want to avoid wasting hours of my time due to a localhost SSL certificate expiration.
After I have spent lot of times of searching the solutions, finally I am able to solve it by following the steps below. Hopefully, this will save your days.
open dev tools in chrome, go to Security tab and click on the View certificate.
go to Details tab and click Copy to File...
then Certificate Export Wizard windows will pop up and click the Next button to continue.
remain DER encoding options, click Next and choose Browse, save it and name the certificate as localhost.cer. You should see your saved certificate on your saved path chosen just now.
open chrome://settings/ by copy this in the browser url box.
choose Privacy and security in the side menu > Security > Advanced > Managed Certificates
Certificates window will pop up as below. Choose Trusted Root Certificate Authorities tab and click Import...
import the localhost certificate which saved to chosen path just now at steps 4.
click browse to import the locahost.cer and click Yes to finish the import certificate process.
Close everything and restart your chrome browser. Remember to rebuild and rerun your project if you running the project using dotnet run command prompt for the changes to take effect in the browser.
Now you should be able to access any localhost website urls with secure tag.
We suddenly started seeing this "Could not create SSL/TLS secure channel" error.
Our website does a simple POST to another server to a HTTPS URL
This suddenly stopped working
Nothing has changed (Windows Updates, our updates, server settings) to cause suspicion. That we know of, or can remember.
We can navigate to the posted URL just fine.
We have other websites that also do this same POST to that same server and they continue to work. Everything is using TLS 1.0 and the target server has not changed anything recently. Nobody has turned off TLS 1.0 on either side.
This issue is discussed in many other stackoverflow postings, so to research systematically we made a clone of the website on the same server. Just copied its code (compiled code folders) and set up another virtual host in the same IIS.
The POST operation from the clone works! Same server, same code, same IIS. So we can't even reproduce it on the exact same setup. The copy is working but the original is throwing this error.
So finally the question:
Does the fact that the copied website can POST successfully give anybody any insight into what may have happened?
Could some IIS settings on the original site been changed? The only thing different is they are two virtual hosts on the same server.
Windows Server 2012R2, IIS 8.5, ASP.NET/C#.
I found the solution here:
https://social.technet.microsoft.com/Forums/en-US/9dfb4d09-8096-40c9-ac75-1e23f75417c9/frequent-event-id-36888-windows-schannel-errors-in-the-event-viewer?forum=W8ITProPreRel
The causes can be many, apparently, even Windows updates. Still seems odd that it would happen (consistently) on one website and not on its clone (also consistently).
The specific steps to fix were:
In Group Policy Editor (run: gpedit.msc), went to Computer Configuration > Administrative Templates > System > Distributed COM > Application Compatibility and enabled "allow local activation security check exemptions"
The connection to the website was reset.
Error Code: INET_E_DOWNLOAD_FAILURE
I have a C# web application running on our internal IIS 10 Server and the site uses Windows Authentication. Our networking team setup everything needed to get to the site from the Internet. I get the above error when connecting from the Internet and have the site listed in Local Sites.
I have users with laptops that sometimes work in the office and on the road. So, we've added the url to Security - Local Sites so they aren't required to enter a login an password each time they go to the site. This works fine until they hit the road where they get the above error.
If I remove the site from Local sites or added it to trusted sites, it works. It works if they use Chrome, but not IE or Edge. It also works if the VPN in, but they don't want to do that.
The message is very vague and I've tried a variety of things based on research I've been doing, but no luck. One suggestion was to setup the Developers tools and capture the error, but this also proved to be of no value, unless I'm doing something wrong.
The message returns quickly, so it's not timing out. I've also checked Event Logs and not finding any related messages.
I've tested this using different Custom Security Levels - Automatic Login with Current User, etc.
Please let me know if you have other suggestions or if I can supply additional information.
VS 2017, C#, IIS 10, .Net 4.6
I have an ASP.Net Website (not a web app, fwiw) that builds and works just fine locally through IIS on my dev laptop.
However, when I publish it to our QA box and try to view while I'm remoting into that server, I get a message from IE saying "Internet Explorer cannot display the webpage". Firefox just spits back a quick "Connection Timed Out"
There is absolutely nothing in the event log nor the IIS log about this. I'm unsure where I can look for more info.
I'm fairly confident it is an ASP.Net issue. I can install a sample site from our vendor, Ektron, into IIS and it will run. If I overwrite the sample's web.config with my own, it continues to run. If I then blow away the entire sample site and copy over my site from my local, I'll get the message about how "Internet Explorer cannot display the webpage".
I've tried to keep the environments as close together as I can. Both boxes are running IIS 7.5 under an integrated app pool for .Net 4.0. I browse via localhost on dev and via an IP on the server.
I am not terribly familiar with the Website template, so I might be missing something obvious (I hope!). I'm hoping someone can provide some guidance into how I can get more info on what the heck is going on so I can resolve this issue.
UPDATE
I think I'm getting closer. By using Fiddler (thanks for the suggestion, Amy!) I notice that it redirects the request to SSL. SSL requires a different license from our vendor, so that might be it. I'm still trying to understand why that redirect is taking place, but at least I have something now to look at.
I'd look into the SSL settings in the web.config / IIS - settings for Mime Types and also into Ektron's MIME Types in the MimeType.config file. I found that some .aspx pages like (ekajaxtransform.aspx) weren't functioning correctly because of firewall/proxy issues/restrictions.
Hope it helps. :)
Is there a way to bypass/ignore/disable certificate errors ? I'm encountering this on IE8 and the server is using IIS 7. The situation is I created a asp.net website and Im accessing this website using "https". My other website got no problem with this scenario but my other website does. I just want to do the trick within web.config or any other way except (server side code, creating Self Signed certificate, redirecting the website).
Thanks In Advance!
why are you seeing error to begin with? if you don't have certificate installed then make sure your not using HTTPS anywhere on your site.
its browser based...you can not control the warning message.
In IE follow the steps below. It works for me.
Click Tools and select Internet Options
Click the Security
Select "Trusted Sites" icon and set the Security level to "Medium Low".
Close all the Windows. Then open the browser.