SSL Connection Connection Reset with IISExpress

Question

I m using the new Visual Studio 2013 with IISExpress for the first time  previously used ASP net Development server on VS2010   I m running into issues trying to debug my project   This is what I see in Chrome   Unable to make a secure connection to the server  This may be a problem with the server  or it may be requiring a client authentication certificate that you don t have  Error code  ERR SSL PROTOCOL ERROR  I updated my Properies -  web file so that the Project Url uses a https URL now  However  after doing that  I now get a new error when launching   The connection to localhost was interrupted  Error code  ERR CONNECTION RESET  Thanks

User · Answer

The problem that I was experiencing had to do with me, at some point in time, enabling HSTS for localhost and not realizing that this would break my http://localhost:someport in IIS Express.

HSTS tells the browser (Chrome in my case) to ALWAYS request a URL using HTTPS. So therefor even though I hadnt even enabled SSL for my MVC 5 app, the browser would still try to access my site using HTTPS in the URL instead of HTTP.

The fix?

Surf to chrome://net-internals/#hsts
In the delete section, enter "localhost" and delete the record from Chrome.

User · Answer

If you re using URLRewrite to force SSL connections in your web config  it s probably rewriting your localhost address to force https  If debugging with SSL enabled isn t important to you and you re using URLRewrite  consider adding  lt add input   HTTP HOST   pattern  localhost  negate  true    gt  into your web config file s rewrite section  It will stop the rewrite for any localhost addresses but leave it in place in a production environment  If you re not using URLRewrite or need to debug using SSL  http   www hanselman com blog WorkingWithSSLAtDevelopmentTimeIsEasierWithIISExpress aspx might help  It s for VS2010  but should suffice for VS2013 as well

User · Answer

I was having this problem  I had configured my site for global require https in FilterConfig cs   public static void RegisterGlobalFilters GlobalFilterCollection filters                filters Add new HandleErrorAttribute             filters Add new RequireHttpsAttribute             I had forgotten to change the project url to https  from this tutorial http   azure microsoft com en-us documentation articles web-sites-dotnet-deploy-aspnet-mvc-app-membership-oauth-sql-database  under ENABLE SSL part 4  This caused the errors you were getting

User · Answer

I was getting ERR CONNECTION RESET because my Visual Studio 2013 IIS Express configured app port number was NOT in the range  44300- 44398    I don t recall having to dismiss any warnings to get out of that range    Changing the port number to something in this range is all I had to do to make it work     I noticed this after reviewing the netsh http show sslcert  gt  sslcert txt output and something clicking with stuff I read recently about the port numbers

User · Answer

The  Digicert certificate installation checker  is often helpful in situations like this   I was able to verify the SSL cert being attempted was the one I was expecting by comparing the serial number     For me  Jason Kleban answer was the actual problem  but this can be a very useful utility to check your basic assertions about what certificate is being loaded

User · Answer

I d just rebuilt my computer  This thread gave me the clues  where I realized in the project settings Web  the project was configured to use HTTP and the HTTP port  By updating it to HTTPS and the correct HTTPS port  everything started to work again

User · Answer

The issue that I had was related to  Jason Kleban s answer  but I had one small problem with my settings in the Visual Studio Properties for IIS Express   Make sure that after you ve changed the port to be in the range  44300 to 44399  the address also starts with HTTPS

User · Answer

Removing IISExpress and vs directories and using ssl port range of 44300 to 44399  inclusive  from this article worked for me

User · Answer

Make sure to remove any previous  localhost  certificates as those could conflict with the one generated by IIS Express  I had this same error  ERR SSL PROTOCOL ERROR   and it took me many hours to finally figure it out after trying out many many  quot solutions quot   My mistake was that I had created my own  localhost  certificate and there were two of them  I had to delete both and have IIS Express recreate it  Here is how you can check for and remove  localhost  certificate   On Start  type   mmc exe File   Add Remove Snap-in    Select Certificates   Add gt    Computer account   Local computer Check under Certificates  gt  Personal  gt  Certificates Make sure the localhost certificate that exist has a friendly name  quot IIS Express Development Certificate quot   If not  delete it  Or if multiple  delete all   On Visual Studio  select project and under property tab  enable SSL true  Save  Build and Run  IIS Express will generate a new  localhost  certificate  Note  If it doesn t work  try these  make sure to disable IIS Express on VS project and stopping all running app on it prior to removing  localhost  certificate  Also  you can go to  control panel  gt  programs  and Repair IIS Express

User · Answer

To follow on to other answers about setting the SSL port between 44300 and 44399  I was unable to change the SSL Enabled property in Visual Studio  nor set a specific SSL URL  Other answers  like repairing IIS Express did not help  The solution was to go into the  vs folder parallel to the sln file  open the config subfolder  and then edit the applicationhost config file  Then  I added the https line manually and restarted VS     lt binding protocol  http  bindingInformation    24941 localhost    gt                   lt binding protocol  https  bindingInformation    44301 localhost    gt

User · Answer

Another problem that happened me twice  In IIS Express s applicationhost config the order of the bindings does matter  One binding could take precedence over your SSL binding  making it not working    Example    lt site name  MySite007  id  1  gt       lt application path     applicationPool  Clr4IntegratedAppPool  gt           lt virtualDirectory path     physicalPath  C  Users myuser projects mysolutionfolder MyProject Service    gt       lt  application gt       lt bindings gt           lt binding protocol  http  bindingInformation   8081 localhost    gt           lt binding protocol  http  bindingInformation   8080     gt  lt  -- evil binding -- gt           lt binding protocol  https  bindingInformation    44327 localhost    gt       lt  bindings gt   lt  site gt    You may have added a binding similar to the second one to be able to access your WebService from outside localhost  Because this binding listens on any adress  it seems to override the SSL binding although a different port was used    Remove the evil binding or move it down

User · Answer

In my case  I was getting this exact error running on port 443  and  for reasons I won t go into here  switching to a different port was not an option   In order to get IIS Express to work on port 443  I had to run this command    C  Program Files IIS Express gt IisExpressAdminCmd exe setupsslUrl -url https   localhost 443  -UseSelfSigned  Much thanks to Robert Muehsig for originally posting this solution here  https   blog codeinside eu 2018 10 31 fix-ERR CONNECTION RESET-and-ERR CERT AUTHORITY INVALID-with-iisexpress-and-ssl

User · Answer

In my case  the localhost url was redirected to https   localhost when I was debugging  This happened from one moment to other  without changing anything  I solved this by making a hard reload to the browser  Here the link

User · Answer

In my case  I created a self-signed certificate and had it working  except I was getting an error in the browser because the certificate was untrusted  So  I moved the cert into the Trusted Root Certification Authorities   Certificates folder in the Certificates snapin  It worked  and then I closed Visual Studio for the day   The following day  I started my project and I received the error mentioned in the original question  The issue is that the certificate you configured IISExpress with must exist in the Personal   Certificates folder or HTTPS will stop working  Once IIS Express successfully starts  you can drag the cert back to the trusted location  It ll continue to work until you restart IIS Express   Not wanting to fuss with dragging the cert back and forth every time  I just place a copy of the certificate in both places and now everything works fine

User · Answer

I am summarizing the steps that helped me in resolving this issue    Make sure the SSL port range used by IIS express  is between 44300-44398      During installation  IIS Express uses Http sys to reserve ports 44300   through 44399 for SSL use  This enables standard users  without   elevated privileges  of IISExpress to configure and use SSL  For   more details on this refer here    Run the below command as administrator in Command prompt  This will output the SSL Certificate bindings in the computer  From this list  find out the certificate used by IIS express for the corresponding port          netsh http show sslcert   sslcert txt    Look for the below items in the sslcert txt  in my case the IIS express was running at port 44300       IP port                   0 0 0 0 44300       Certificate Hash          eb380ba6bd10fb4f597cXXXXXXXXXX       Application ID            214124cd-d05b-4309-XXX-XXXXXXX     Also look in the IIS express management console  RUN  Ctrl R  -  inetmgr exe  and find if the corresponding certificate exists in the Server Certificates        Click on the ServerRoot -  under section IIS    -  Open the Server   Certificates     If your localhost by default uses a different certificate other than the one listed in Step 3  continue with the below steps       netsh http delete sslcert ipport 0 0 0 0 44300      netsh http add sslcert ipport 0 0 0 0 44300 certhash New Certificate Hash without space appid  214124cd-d05b-4309-XXX-XXXXXXX    The New Certificate Hash will be your default certificate tied-up with your localhost  That we found in step 4  or the one which you want to add as a new certificate   P S  Thank you for your answer uos    which helped me in resolving this issue

User · Answer

If you need to use a port outside of the 44300-44399 range  here s a workaround    Create a new site in IIS  not Express  Bind HTTPS to the port you need For SSL Certificate  choose IIS Express Development Certificate Once the site is created  stop it  since it doesn t actually need to be running   This registers the IIS Express Development certificate with that port and is the easiest way I ve found to get around the 44300-44399 range requirement

User · Answer

None of the above options worked for me  I had to do the following    Uninstalled IIS Express 8 0 Deleted all the configurations in my Documents directory for IIS Express Reinstalled IIS Express 8 0 Deleted the project on my local machine and downloaded a clean version for TFS Ran the project - it then ran over SSL and I am able to debug   I got the steps from this thread   Hope this helps

User · Answer

This is anecdotal as overheard from a co-worker  but allegedly this is an issue with chrome forcing https  I usually launch in firefox so i hadn t seen this problem before  Using firefox or ie worked for my co-worker

User · Answer

In my case after trying everything for three days  solved by just starting Visual Studio by  quot Run as Administrator  quot

User · Answer

KASPERSKY ISSUE   I d tried everything  localhost with SSL worked if I ran VS2019 as Administrator  but the connection was lost after a while of debugging  and I had to re-run the app  The only worked for me was uninstall Kaspersky  unbelievable  days ago I d tried to pause Kaspersky protection and it didn t solve the problem  so I had discarded antivirus issues  after days of trying solutions  I resumed antivirus matter  uninstalled Kaspersky V 21 1      tried and worked  installed V 21 2     and it works fine also without running VS as Administrator

User · Answer

My problem was caused by Fiddler  When Fiddler crashes it occasionally messes with your proxy settings  Simply launching Fiddler seemed to fix everything  perhaps it repairs itself somehow

User · Answer

I have a same problem in Visual Studio 2015  Because I use SSL binding in web config   lt rewrite gt      lt rules gt           lt rule name  HTTP to HTTPS Redirect  stopProcessing  true  gt          lt match url          gt          lt conditions gt             lt add input   HTTPS   pattern  off    gt          lt  conditions gt             lt action type  Redirect  url  https    HTTP HOST   R 1   redirectType  Found    gt        lt  rule gt      lt  rules gt   lt  rewrite gt    And I can fix the problem with the answer of Mr djroedger  By replacing    lt add input   HTTPS   pattern  off    gt    with   lt add input   HTTP HOST   pattern  localhost  negate  true    gt   into my web config  so my code is   lt rewrite gt     lt rules gt          lt rule name  HTTP to HTTPS Redirect  stopProcessing  true  gt         lt match url          gt         lt conditions gt            lt add input   HTTP HOST   pattern  localhost  negate  true    gt         lt  conditions gt            lt action type  Redirect  url  https    HTTP HOST   R 1   redirectType  Found    gt       lt  rule gt    lt  rules gt   lt  rewrite gt

User · Answer

In my case I d simply forgotten I had a binding set up for  in my case  https   localhost 44300 in full IIS   You can t have both

User · Answer

I had the same issue running Rider VS  both were using IIS Express to run it  I was having the issue with Postman  Chrome  Firefox and front end application calling it  Turns out that because my laptop was appropriated for me when i started working for this company the previous developer had clicked No when asked if he wanted to use the Developer Cert the first time he ran IIS Express  This was fixed on Windows 10 by going to Add Remove Programs  from the new UI there is a link on the right to launch the classic application for Adding and Removing Programs  then Repair IIS 10 0 or 8 or whatever version you are running  Then try running the application again  I did this in VS but assume that Rider would do the same  and when asked whether you would like to use the Developer Certificate you click YES  Hours wasted on this  but all sorted after that

[ssl] SSL Connection / Connection Reset with IISExpress

Examples related to ssl

Examples related to visual-studio-debugging

Examples related to visual-studio-2013