IISExpress ASP.NET 核心应用 运行 中的 HTTPS 错误 - PR_CONNECT_RESET_ERROR

HTTPS error in ASP.NET Core app running on IISExpress - PR_CONNECT_RESET_ERROR

当我尝试在本地 运行 此应用程序时(启用 SSL 时),

我总是看到这个抱怨安全连接的页面:

https://localhost:44300/

Secure Connection Failed

An error occurred during a connection to localhost:44300. PR_CONNECT_RESET_ERROR

  1. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
  2. Please contact the website owners to inform them of this problem.

到目前为止我尝试过的:

  1. 使用此 Power Shell 命令添加自签名 localhost 证书:

New-SelfSignedCertificate -DnsName "localhost" -CertStoreLocation "cert:\LocalMachine\My"

  1. 运行 mmc.exe 并从
    2. 导出由上述 Power Shell 脚本创建的 certificate

[Console Root\Certificates (Local Computer)\Personal\Certificates]

[Console Root\Certificates (Local Computer)\Trusted Root Certification Authorities\Certificates.

到目前为止这还没有奏效。如果我 运行 应用程序取消选中 启用 SSL,它工作正常。

请就启用 SSL 的环境的可能解决方案提出建议。

重新生成 IIS Express localhost 证书对我有用:

  1. 使用管理员权限打开 Windows PowerShell ISE

  2. 运行 这个脚本:

Start-Transcript -Path "$($MyInvocation.MyCommand.Path).log"
try {
    Write-Host "Creating cert resources"
    $ekuOidCollection = [System.Security.Cryptography.OidCollection]::new();
    $ekuOidCollection.Add([System.Security.Cryptography.Oid]::new("1.3.6.1.5.5.7.3.1","Server Authentication")) | Out-Null
    $sanBuilder = [System.Security.Cryptography.X509Certificates.SubjectAlternativeNameBuilder]::new();
    $sanBuilder.AddDnsName("localhost") | Out-Null
    
    Write-Host "Creating cert extensions"
    $certificateExtensions = @(
        # Subject Alternative Name
        $sanBuilder.Build($true),        
        # ASP.NET Core OID
        [System.Security.Cryptography.X509Certificates.X509Extension]::new(
            "1.3.6.1.4.1.311.84.1.1",
            [System.Text.Encoding]::ASCII.GetBytes("IIS Express Development Certificate"),
            $false),
            # KeyUsage
            [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]::new(
                [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyEncipherment,
                $true),
                # Enhanced key usage
        [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]::new(
            $ekuOidCollection,
            $true),
            # Basic constraints
            [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]::new($false,$false,0,$true)
        )
    Write-Host "Creating cert parameters"
    $parameters = @{
        Subject = "localhost";
        KeyAlgorithm = "RSA";
        KeyLength = 2048;
        CertStoreLocation = "Cert:\LocalMachine\My";
        KeyExportPolicy = "Exportable";
        NotBefore = Get-Date;
        NotAfter = (Get-Date).AddYears(1);
        HashAlgorithm = "SHA256";
        Extension = $certificateExtensions;
        SuppressOid = @("2.5.29.14");
        FriendlyName = "IIS Express Development Certificate"
    }
    Write-Host "Creating cert"
    $cert = New-SelfSignedCertificate @parameters

    $rootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList Root, LocalMachine
    $rootStore.Open("MaxAllowed")
    $rootStore.Add($cert)
    $rootStore.Close()
    
    Write-Host "Creating port bindings"
    # Add an Http.Sys binding for port 44300-44399
    $command = 'netsh'
    for ($i=44300; $i -le 44399; $i++) {
        $optionsDelete = @('http', 'delete', 'sslcert', "ipport=0.0.0.0:$i")
        $optionsAdd = @('http', 'add', 'sslcert', "ipport=0.0.0.0:$i", "certhash=$($cert.Thumbprint)", 'appid={214124cd-d05b-4309-9af9-9caa44b2b74a}')
        Write-Host "Running $command $optionsDelete"
        & $command $optionsDelete
        Write-Host "Running $command $optionsAdd"
        & $command $optionsAdd
    } 
}
catch {
    Write-Error $_.Exception.Message
}
finally {
    Stop-Transcript
}

现在应该可以正常工作了。

(该脚本来自此 Github 问题页面的@Shirhatti:https://github.com/dotnet/aspnetcore/issues/26437