在 IISExpress 上运行的 ASP.NET Core 应用程序中的 HTTPS 错误 - PR_CONNECT_RESET_ERROR
Ash*_*h K 2 c# ssl ssl-certificate iis-express asp.net-core
当我尝试在本地运行此应用程序时(启用 SSL 时),
我总是看到这个页面抱怨安全连接:
https://localhost:44300/
安全连接失败
连接到 localhost:44300 期间发生错误。PR_CONNECT_RESET_ERROR
- 由于无法验证接收到的数据的真实性,因此无法显示您尝试查看的页面。
- 请联系网站所有者以告知他们此问题。
到目前为止我尝试过的:
localhost使用此 Power Shell 命令添加自签名证书:
New-SelfSignedCertificate -DnsName "localhost" -CertStoreLocation "cert:\LocalMachine\My"
- 运行
mmc.exe并导出certificate由上面的 Power Shell 脚本创建的
[Console Root\Certificates (Local Computer)\Personal\Certificates]
到
[Console Root\Certificates (Local Computer)\Trusted Root Certification Authorities\Certificates.
到目前为止,这还没有奏效。如果我运行应用程序取消选中Enable SSL,它工作正常。
请为启用 SSL 的环境提供可能的解决方案。
重新生成 IIS Expresslocalhost证书对我有用:
Windows PowerShell ISE使用管理员权限打开。运行这个脚本:
Start-Transcript -Path "$($MyInvocation.MyCommand.Path).log"
try {
Write-Host "Creating cert resources"
$ekuOidCollection = [System.Security.Cryptography.OidCollection]::new();
$ekuOidCollection.Add([System.Security.Cryptography.Oid]::new("1.3.6.1.5.5.7.3.1","Server Authentication")) | Out-Null
$sanBuilder = [System.Security.Cryptography.X509Certificates.SubjectAlternativeNameBuilder]::new();
$sanBuilder.AddDnsName("localhost") | Out-Null
Write-Host "Creating cert extensions"
$certificateExtensions = @(
# Subject Alternative Name
$sanBuilder.Build($true),
# ASP.NET Core OID
[System.Security.Cryptography.X509Certificates.X509Extension]::new(
"1.3.6.1.4.1.311.84.1.1",
[System.Text.Encoding]::ASCII.GetBytes("IIS Express Development Certificate"),
$false),
# KeyUsage
[System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]::new(
[System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyEncipherment,
$true),
# Enhanced key usage
[System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]::new(
$ekuOidCollection,
$true),
# Basic constraints
[System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]::new($false,$false,0,$true)
)
Write-Host "Creating cert parameters"
$parameters = @{
Subject = "localhost";
KeyAlgorithm = "RSA";
KeyLength = 2048;
CertStoreLocation = "Cert:\LocalMachine\My";
KeyExportPolicy = "Exportable";
NotBefore = Get-Date;
NotAfter = (Get-Date).AddYears(1);
HashAlgorithm = "SHA256";
Extension = $certificateExtensions;
SuppressOid = @("2.5.29.14");
FriendlyName = "IIS Express Development Certificate"
}
Write-Host "Creating cert"
$cert = New-SelfSignedCertificate @parameters
$rootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList Root, LocalMachine
$rootStore.Open("MaxAllowed")
$rootStore.Add($cert)
$rootStore.Close()
Write-Host "Creating port bindings"
# Add an Http.Sys binding for port 44300-44399
$command = 'netsh'
for ($i=44300; $i -le 44399; $i++) {
$optionsDelete = @('http', 'delete', 'sslcert', "ipport=0.0.0.0:$i")
$optionsAdd = @('http', 'add', 'sslcert', "ipport=0.0.0.0:$i", "certhash=$($cert.Thumbprint)", 'appid={214124cd-d05b-4309-9af9-9caa44b2b74a}')
Write-Host "Running $command $optionsDelete"
& $command $optionsDelete
Write-Host "Running $command $optionsAdd"
& $command $optionsAdd
}
}
catch {
Write-Error $_.Exception.Message
}
finally {
Stop-Transcript
}
现在应该可以正常工作了。
(该脚本来自此 Github 问题页面的 @Shirhatti:https : //github.com/dotnet/aspnetcore/issues/26437)
| 归档时间: |
|
| 查看次数: |
1113 次 |
| 最近记录: |