问题
Chrome 58+ drops support for CN in SSL certs, which means (at least on my machine) that browsing sites hosted in IIS Express throw constant security warnings.
How do I change my IIS Express SSL certificate for one that will work with Chrom 58+?
回答1:
The answer Chris gave solves the issue, thanks! Because my whole team had this issue, I created a little Powershell script to run the steps in Chris' answer.
https://gist.github.com/camieleggermont/5b2971a96e80a658863106b21c479988
Running this in elevated mode did the trick for me.
回答2:
This is how I fixed this. There may be an easier way (I'm sure there is!)
Step 1 - Open Windows PowerShell (in admin mode) and generate a certificate like this:
New-SelfSignedCertificate -DnsName "localhost", "localhost" -CertStoreLocation "cert:\LocalMachine\My"
Keep the thumbprint safe.
Step 2 - Open a command prompt (in admin mode) and run these commands.
The first will delete the current IIS Express certificate for ports 44300-44399.
for /L %i in (44300,1,44399) do netsh http delete sslcert ipport=0.0.0.0:%i
The next will add your new certificate to those ports. Change the thumbprint obviously.
for /L %i in (44300,1,44399) do netsh http add sslcert ipport=0.0.0.0:%i certhash=33459ADA4D5329673604F43A073B7F43084818A7 appid={214124cd-d05b-4309-9af9-9caa44b2b74a}
The appid is for IIS Express 10 I believe. You may want to check your IIS Express appid is the same as mine first. To do that do this:
netsh http show sslcert
Step 3 - Restart IIS Express and Chrome, then run up one of your sites in Chrome.
It'll give you the security warning again. Proceed to the page then go into settings > advanced settings, HTTPS/SSL Manage certificates. In here, export the certificate from Personal and import the certificate to Trusted Root Certificate Authorities (I did it as .p7b) then restart Chrome.
Try the site again - you should be secure now.
You can do all this outside of Chrome in certmgr as well.
Edit: Alternate steps for Step 3 above using certmgr:
- Hit win key and type "certmgr" to open the Windows cert manager.
- Expand Certificates - Local Computer > Personal > Certificates and find the cert you just created (it should be issued to localhost and have an expiration one year from the current date).
- Select the cert and ctrl-c to copy.
- Expand Certificates - Local Computer > Trusted Root Certification Authorities > Certificates and ctrl-v to paste.
回答3:
I am just using this setting until it is fixed in Visual Studio:
chrome://flags/#allow-insecure-localhost
It just prevents having to allow the security exception each time but it will still show the SSL as invalid (red) in your browser bar.
回答4:
The solution provided by Chris does do the trick (thanks!), but ultimately this should be fixed by the visual studio team. You can vote here in order to bring this issue to their attention: https://developercommunity.visualstudio.com/content/problem/48596/visual-studio-2017-151-264037-crashing-during-code.html
回答5:
A more visual way to fix it is to use Jexus Manager to,
- Generate a new certificate.
- Let Windows (and Chrome) trust it.
- Bind it to the site.
I documented the exact steps in a blog post.
来源:https://stackoverflow.com/questions/43676993/how-do-i-change-my-iis-express-ssl-certificate-for-one-that-will-work-with-chrom