Your connection is not private NET::ERR_CERT_COMMON_NAME_INVALID

Question

While debugging a local ASP.NET application on Chrome for localhost Https site it's giving error:

Your connection is not private NET::ERR_CERT_COMMON_NAME_INVALID.

I am not able to open localhost without https. How can I resolve this to be able to debug?

---

Answer 1

If you did all that was mentioned in here and it didn't work - try restarting your machine. It worked for me.

Answer 2

2024:

• I created a new ASP Net core app with conf Https.
• I launched a newly created project.
• I said yes in both dialog boxes.
• I got this error.
• I found this answer.
• Instead of these solutions, just close and open your browser, it'll update certificates and the error will disappear.
• Enjoy.

Answer 3

What worked in my case for Edge with no admin rights on my VDI workstation:

• Open Manage User certificates
• Go to Trusted Root Certification Authorities \ Certificates and see if you have a valid certificate with the friendly name IIS Express Development Certificate

If you do:

• Delete any localhost certificate that may exist in the Personal \ Certificates
• Export the IIS Express Development Certificate from Trusted Root.. and import it to Personal \ Certificates. (I think copy/paste would have worked as well. )

After that I relunched the app from Visual Studio and the error disappeared.

Answer 4

For angular apps using ng serve, you might have something like this in your package.json file:

"start:windows": "ng serve --port 44470 --ssl --ssl-cert %APPDATA%\\ASP.NET\\https\\%npm_package_name%.pem --ssl-key %APPDATA%\\ASP.NET\\https\\%npm_package_name%.key",

Go to that folder, e.g. C:\Users\{username}\AppData\Roaming\ASP.NET\https, and delete the .key and .pem files for your project. Next time you run it should regenerate them correctly - the regeneration is done by the following command which should be in your package.json file, and gets exectuted when you run your app:

"prestart": "node aspnetcore-https"

Answer 5

Finally banging head on desk for two days I found this setting in chrome://flags/ to Allow invalid certificates for resources loaded from localhost. finally no disable all certificate error, only for localhost. Adding answer for someone struggling with same issue.

For Edge

Answer 6

If you will not found above flags then please follow below steps:

1. chrome://flags/
2. Then find WebTransport Developer Mode
3. enable that and then run your project.

Answer 7

Probably not a real fix but if you are in a hurry try to change the web browser target to Microsoft Edge.

Answer 8

Running visual studio 2022 as administrator solved my problem.

Answer 9

It's 2022 now and web everywhere is using https protocol. Sooner or later the hacks and workarounds in this post will become more and more annoying or not work anymore. If you are developing web applications, even for testing, you will need to either get a free SSL certificate or issue your own certificate for in-house uses.

For free certificates, there are three popular web sites providing this service:

1. https://www.sslforfree.com/
2. https://letsencrypt.org/
3. https://zerossl.com/

If you're developing a local web application for your company intranet, you should generate your own SSL certificate using OpenSSL with the information below.

If you would like to generate your own certificates for different purposes, using the latest OpenSSL tool (version 3.0 series) becomes very convenient and relatively easy, too. Just follow the steps listed on this SocketTools page. https://sockettools.com/kb/creating-certificate-using-openssl/

I have just completed and make our internal web server and application free of security warnings on any browsers. Once you've got familiar with the simple commands and you will be able to expand the OpenSSL uses to other web application projects.

Answer 10

We have found that the best (and only) way to override Chrome is to type the phrase thisisunsafe at the Chrome generated webpage that blocks you. Just type the text directly to the page; there will be no text entry box.
We have servers on an internal network which use SSL but which are not externally signed and this is the only way to get to them.

Answer 11

There is a short explanation over at serverfault as to what changed in the RFC spec to cause this. One of the suggestions is to use or add the IP address (presumably 127.0.0.1) to the name 'localhost' for the DNS property of the self-signed cert.

If you use the dotnet core tool: dotnet dev-certs https --trust (or run the export per instructions in devcontainer.json) the localhost certificate generated will use only the name 'localhost'.

But there are other options for generating self-signed certs including Powershell. But...rather than follow the older syntax, use Example #9 as found on the New-SelfSignedCertificate docs:

New-SelfSignedCertificate -Subject "localhost" -TextExtension @("2.5.29.17={text}DNS=localhost&IPAddress=127.0.0.1&IPAddress=::1")

This appears to resolve the cert error in Chrome (96.0.4664.45). It's necessary to close and re-open Chrome after generating the new cert and incorporating it into your web project or container.

Answer 12

I also had the same problem. By default Chrome uses google.com which didn't work for me but google.com.bd worked for me(I live in Bangladesh). So if u live in for example in the UK, google.com.uk might work.

Go to this link it will help, https://superuser.com/questions/169014/chrome-set-search-bar-to-google-co-uk-not-google-com

Answer 13

Just figured out how to solve this! Click on the Debug tab in the top menu and click on Debug Properties (right below Options), then scroll down and uncheck Enable SSL. Now try debugging your application again and it should work! It may take a minute to load but it definitely solves the problem...

Answer 14

Just when the page loads, don't click on page and type: thisisunsafe.

Page will automatically refresh and will load the content.

Answer 15

I was trying to run my first .net Core web app in chrome and had same error. Using Version 84.0.4147.135 of Chrome. To Resolve (quick fix),

1. When you run the application you will see two options 'Advanced' and 'Back to safety' on page, shown by chrome browser.

2. Click Advanced button, it will show you 'Proceed to localhost(unsafe)'. Click that and your application should work. (I know above one is not a actual fix. The actual resolution is about adding localhost certificate as trusted root certificate.)

3. If you want to install certificate - When you will see error and if you click on error - 'NET::ERR_CERT_AUTHORITY_INVALID' it will show you certificate. Copy that and install into trusted root. I tried that however it didn't resolved my issue. I will update it if get resolution to this.

Answer 16

You can copy this tag and add to Google Chrome shortcut to bypass this warning permanently.

--ignore-certificate-errors

Updated - March 2020: Adding the above tag to Google Chrome shortcut does not work anymore. In order to temporarily turn off or bypass this annoying warning from Google Chrome, to go chrome://flags and search for this following entry:

Allow invalid certificates for resources loaded from localhost

After that, enable the option and restart your Google Chrome browser. By doing so, you can bypass the alert as long as you want until you turn off the option.

Source: Fix Your Connection Is Not Private Error In Your Browser

Answer 17

I had similar problem when I tried to use my self signed certificate and run my xhtml app in browser under https and with tomcat. What I did:

1. in java's RE dir (usually Program Files\Java\jre1.8.0_202\bin) there is keytool and in command line I used this:

   keytool -genkey -alias example -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -validity 3650 -keystore "C:\yourdir\yourkeystore.jks" -ext san=dns:localhost,dns:yourdesktophostname,ip:127.0.0.1,ip:::1
   

Answer questions to create certificate which is created for 10 years, SHA-2 and what Chrome needs more: san(SubjectAlternateName).

2. I added below lines to tomcat's server.xml (usually Program Files\Apacha Software...\conf:

   <Connector port="yourportnumber" protocol="org.apache.coyote.http11.Http11NioProtocol"
                  maxThreads="150" SSLEnabled="true"
                  compression="on" scheme="https" secure="true"
                  keystoreFile="conf/yourkeystore.jks"
                  keystorePass="yourpassword"
                  SSLVerifyClient="none" SSLProtocol="TLSv1.2"/>
   

   Restart Tomcat.

3. Open the localhost address in Chrome browser (https:\localhost:yourport). It will tell "Not secure" at left side of address line and https crossed out Click on it and in that window press on certificate (invalid). It opens the certificate window and press on Details tab and press on copy to file button. Create crt file as instructed.

4. Open up Chrome Settings > Show advanced settings > HTTPS/SSL > Manage Certificates. Select Trusted Roots tab and import the crt file here. Edit this certificate and mark all check boxes.

Restart Chrome

Answer 18

I ran into this error and my problem turned out to be Charles (it's a web debugging proxying app). I needed to install a SSL Proxy Certificate for Charles.

1. Go to Help menu
2. SSL Proxying -> Install Charles Root Certificate
3. Open Keychain Access and enable/allow it

If you don't use Charles then obviously this answer doesn't help you at all.