IISExpress ASP.NET 核心应用 运行 中的 HTTPS 错误 - PR_CONNECT_RESET_ERROR
HTTPS error in ASP.NET Core app running on IISExpress - PR_CONNECT_RESET_ERROR
当我尝试在本地 运行 此应用程序时(启用 SSL 时),
我总是看到这个抱怨安全连接的页面:
https://localhost:44300/
Secure Connection Failed
An error occurred during a connection to localhost:44300.
PR_CONNECT_RESET_ERROR
- The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
- Please contact the website owners to inform them of this problem.
到目前为止我尝试过的:
- 使用此 Power Shell 命令添加自签名
localhost
证书:
New-SelfSignedCertificate -DnsName "localhost" -CertStoreLocation "cert:\LocalMachine\My"
- 运行
mmc.exe
并从 导出由上述 Power Shell 脚本创建的 certificate
[Console Root\Certificates (Local Computer)\Personal\Certificates]
至
[Console Root\Certificates (Local Computer)\Trusted Root Certification Authorities\Certificates
.
到目前为止这还没有奏效。如果我 运行 应用程序取消选中 启用 SSL,它工作正常。
请就启用 SSL 的环境的可能解决方案提出建议。
重新生成 IIS Express localhost
证书对我有用:
使用管理员权限打开 Windows PowerShell ISE
。
运行 这个脚本:
Start-Transcript -Path "$($MyInvocation.MyCommand.Path).log"
try {
Write-Host "Creating cert resources"
$ekuOidCollection = [System.Security.Cryptography.OidCollection]::new();
$ekuOidCollection.Add([System.Security.Cryptography.Oid]::new("1.3.6.1.5.5.7.3.1","Server Authentication")) | Out-Null
$sanBuilder = [System.Security.Cryptography.X509Certificates.SubjectAlternativeNameBuilder]::new();
$sanBuilder.AddDnsName("localhost") | Out-Null
Write-Host "Creating cert extensions"
$certificateExtensions = @(
# Subject Alternative Name
$sanBuilder.Build($true),
# ASP.NET Core OID
[System.Security.Cryptography.X509Certificates.X509Extension]::new(
"1.3.6.1.4.1.311.84.1.1",
[System.Text.Encoding]::ASCII.GetBytes("IIS Express Development Certificate"),
$false),
# KeyUsage
[System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]::new(
[System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyEncipherment,
$true),
# Enhanced key usage
[System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]::new(
$ekuOidCollection,
$true),
# Basic constraints
[System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]::new($false,$false,0,$true)
)
Write-Host "Creating cert parameters"
$parameters = @{
Subject = "localhost";
KeyAlgorithm = "RSA";
KeyLength = 2048;
CertStoreLocation = "Cert:\LocalMachine\My";
KeyExportPolicy = "Exportable";
NotBefore = Get-Date;
NotAfter = (Get-Date).AddYears(1);
HashAlgorithm = "SHA256";
Extension = $certificateExtensions;
SuppressOid = @("2.5.29.14");
FriendlyName = "IIS Express Development Certificate"
}
Write-Host "Creating cert"
$cert = New-SelfSignedCertificate @parameters
$rootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList Root, LocalMachine
$rootStore.Open("MaxAllowed")
$rootStore.Add($cert)
$rootStore.Close()
Write-Host "Creating port bindings"
# Add an Http.Sys binding for port 44300-44399
$command = 'netsh'
for ($i=44300; $i -le 44399; $i++) {
$optionsDelete = @('http', 'delete', 'sslcert', "ipport=0.0.0.0:$i")
$optionsAdd = @('http', 'add', 'sslcert', "ipport=0.0.0.0:$i", "certhash=$($cert.Thumbprint)", 'appid={214124cd-d05b-4309-9af9-9caa44b2b74a}')
Write-Host "Running $command $optionsDelete"
& $command $optionsDelete
Write-Host "Running $command $optionsAdd"
& $command $optionsAdd
}
}
catch {
Write-Error $_.Exception.Message
}
finally {
Stop-Transcript
}
现在应该可以正常工作了。
(该脚本来自此 Github 问题页面的@Shirhatti:https://github.com/dotnet/aspnetcore/issues/26437)
当我尝试在本地 运行 此应用程序时(启用 SSL 时),
我总是看到这个抱怨安全连接的页面:
https://localhost:44300/
Secure Connection Failed
An error occurred during a connection to localhost:44300. PR_CONNECT_RESET_ERROR
- The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
- Please contact the website owners to inform them of this problem.
到目前为止我尝试过的:
- 使用此 Power Shell 命令添加自签名
localhost
证书:
New-SelfSignedCertificate -DnsName "localhost" -CertStoreLocation "cert:\LocalMachine\My"
- 运行
mmc.exe
并从 导出由上述 Power Shell 脚本创建的
certificate
[Console Root\Certificates (Local Computer)\Personal\Certificates]
至
[Console Root\Certificates (Local Computer)\Trusted Root Certification Authorities\Certificates
.
到目前为止这还没有奏效。如果我 运行 应用程序取消选中 启用 SSL,它工作正常。
请就启用 SSL 的环境的可能解决方案提出建议。
重新生成 IIS Express localhost
证书对我有用:
使用管理员权限打开
Windows PowerShell ISE
。运行 这个脚本:
Start-Transcript -Path "$($MyInvocation.MyCommand.Path).log"
try {
Write-Host "Creating cert resources"
$ekuOidCollection = [System.Security.Cryptography.OidCollection]::new();
$ekuOidCollection.Add([System.Security.Cryptography.Oid]::new("1.3.6.1.5.5.7.3.1","Server Authentication")) | Out-Null
$sanBuilder = [System.Security.Cryptography.X509Certificates.SubjectAlternativeNameBuilder]::new();
$sanBuilder.AddDnsName("localhost") | Out-Null
Write-Host "Creating cert extensions"
$certificateExtensions = @(
# Subject Alternative Name
$sanBuilder.Build($true),
# ASP.NET Core OID
[System.Security.Cryptography.X509Certificates.X509Extension]::new(
"1.3.6.1.4.1.311.84.1.1",
[System.Text.Encoding]::ASCII.GetBytes("IIS Express Development Certificate"),
$false),
# KeyUsage
[System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]::new(
[System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyEncipherment,
$true),
# Enhanced key usage
[System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]::new(
$ekuOidCollection,
$true),
# Basic constraints
[System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]::new($false,$false,0,$true)
)
Write-Host "Creating cert parameters"
$parameters = @{
Subject = "localhost";
KeyAlgorithm = "RSA";
KeyLength = 2048;
CertStoreLocation = "Cert:\LocalMachine\My";
KeyExportPolicy = "Exportable";
NotBefore = Get-Date;
NotAfter = (Get-Date).AddYears(1);
HashAlgorithm = "SHA256";
Extension = $certificateExtensions;
SuppressOid = @("2.5.29.14");
FriendlyName = "IIS Express Development Certificate"
}
Write-Host "Creating cert"
$cert = New-SelfSignedCertificate @parameters
$rootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList Root, LocalMachine
$rootStore.Open("MaxAllowed")
$rootStore.Add($cert)
$rootStore.Close()
Write-Host "Creating port bindings"
# Add an Http.Sys binding for port 44300-44399
$command = 'netsh'
for ($i=44300; $i -le 44399; $i++) {
$optionsDelete = @('http', 'delete', 'sslcert', "ipport=0.0.0.0:$i")
$optionsAdd = @('http', 'add', 'sslcert', "ipport=0.0.0.0:$i", "certhash=$($cert.Thumbprint)", 'appid={214124cd-d05b-4309-9af9-9caa44b2b74a}')
Write-Host "Running $command $optionsDelete"
& $command $optionsDelete
Write-Host "Running $command $optionsAdd"
& $command $optionsAdd
}
}
catch {
Write-Error $_.Exception.Message
}
finally {
Stop-Transcript
}
现在应该可以正常工作了。
(该脚本来自此 Github 问题页面的@Shirhatti:https://github.com/dotnet/aspnetcore/issues/26437)