This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SSL with IIS Express Not working

Go to solution
Ryan_C
Engaged Sweeper

‎01-17-2022 03:24 PM

I'm familiar with how to set up SSL in IIS Express. However, every time we do, it breaks the system.

The moment I input the cert's thumbprint and restart the service, the whole site now becomes unreachable. As soon as I put the old thumbprint back in and restart the service, it all works again.

Any ideas? We've had three of us try this each dozens of times, so it's HIGHLY unlikely we're all making the same mistake. But for some reason it worked once (and only once) with a now-expired certificate.

The browser says that there is no certificate when we change to the new thumbprint.

I'm attaching a sanitized copy of our IISExpressSvc.exe.config file, and screenshots of the messages in the browser when we have the new thumbprint in place.
Labels:
2022-01-17 07_20_58-.png
Preview file
8 KB
IISExpressSvc.exe.config.txt
Preview file
1 KB
0 Kudos
1 ACCEPTED SOLUTION
Go to solution
fjca
Champion Sweeper II

‎01-26-2022 08:16 PM

Be sure that the certificate is a Machine certficate, aka it's in the Local Computer Store, on the Personal Folder. I've had a problem like that in the past when I imported it on my user store, and them IIS could not see it...

View solution in original post

0 Kudos
6 REPLIES 6
Go to solution
edsn
Engaged Sweeper

‎01-28-2022 11:29 AM

Make sure you import a pfx that contains the private key to the certificate you are using.

I had the same issue when I tried to use a certificate that was imported from .crt.

If you only have .crt and .key files you can use the following command (and openssl) to create a pfx:
openssl pkcs12 -export -out bundle.pfx -inkey privkey.key -in cert.crt -certfile cert.ca.crt
0 Kudos
Go to solution
Ryan_C
Engaged Sweeper
In response to edsn

‎01-31-2022 04:23 PM

edsn wrote:
Make sure you import a pfx that contains the private key to the certificate you are using.

I had the same issue when I tried to use a certificate that was imported from .crt.

If you only have .crt and .key files you can use the following command (and openssl) to create a pfx:
openssl pkcs12 -export -out bundle.pfx -inkey privkey.key -in cert.crt -certfile cert.ca.crt


I'm pretty sure the PFX has the key, but I did not generate it myself (another team handles that). I'll verify.
0 Kudos
Go to solution
fjca
Champion Sweeper II

‎01-26-2022 08:16 PM

Be sure that the certificate is a Machine certficate, aka it's in the Local Computer Store, on the Personal Folder. I've had a problem like that in the past when I imported it on my user store, and them IIS could not see it...

0 Kudos
Go to solution
Ryan_C
Engaged Sweeper
In response to fjca

‎02-01-2022 08:19 PM

fjca wrote:
Be sure that the certificate is a Machine certficate, aka it's in the Local Computer Store, on the Personal Folder. I've had a problem like that in the past when I imported it on my user store, and them IIS could not see it...



Thanks, fjca. It seems this was the primary issue. We had it in the incorrect store.
0 Kudos
Go to solution
Ryan_C
Engaged Sweeper
In response to fjca

‎01-31-2022 04:20 PM

fjca wrote:
Be sure that the certificate is a Machine certficate, aka it's in the Local Computer Store, on the Personal Folder. I've had a problem like that in the past when I imported it on my user store, and them IIS could not see it...



Thank you. I will check that out. I think it's there, but I cannot be positive from memory alone.
0 Kudos
Go to solution
Ryan_C
Engaged Sweeper

‎01-19-2022 02:56 PM

Any ideas?
0 Kudos

General Discussions

Find answers to technical questions about Lansweeper.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now
li.common.scroll-to.top