CODEWITHSUNDEEP
asp.net-core-mvcssl-certificateidentityserver4
Alexu
Alexu

Reputation: 1195

identityserver4 the remote certificate is invalid because of errors in the certificate chain: untrustedroot

I am hosting my IdentityServer, Web API and MVC client apps all with IIS server, under HTTPS. When I run the my MVC client I get the following error back (note - 6009 is the port of my MVC client and 6005 is the port of my IdentityServer):

enter image description here

I am using IIS Express Development Certificate for all projects when I configure them in IIS:

enter image description here

and I copied the certificate from the personal store to the trusted root as the following:

enter image description here

and here is the details of the cert:

enter image description here

what else am I missing here?

Upvotes: 3

Views: 20839

Answers (2)

Rubbertjuh
Rubbertjuh

Reputation: 145

For me, neither dotnet dev-certs https --clean/trust nor manually cleaning the Windows certificate stores worked out.

Since I was using Docker and Kestrel (instead of ISS), for some reason, it was using outdated certificates located under: C:\Users\<user>\AppData\Roaming\ASP.NET\Https\<project-name>.pfx The dotnet dev-certs https --clean command did not clean up the certificates in this directory.

After cleaning the certificates in this directory, everything worked again. I'm aware that your problem is already resolved, but since this is a common issue I figured I would also post my solution here.

Related issue about why the clean command does not clean these certs can be found here: https://github.com/dotnet/aspnetcore/issues/15357

Upvotes: 13

Yiyi You
Yiyi You

Reputation: 18209

You can refer to the official link,and try the commands in it.

dotnet dev-certs https --clean
dotnet dev-certs https --trust

Upvotes: 10

Related Questions