22

I am consistently receiving the following error when developing and authenticating locally in Visual Studio:

AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: NotValidTime, UntrustedRoot

Among others, it happens when using HttpClient to call one of our backend-endpoints (localhost) from one of our projects, so it all happens locally.

The certificate was signed/valid from this date last year, and has now run out after a year. None of the other developers on my team are receiving it or had the same problem.

I have then tried a lot of stuff, among others:

We don't have a centralized authentication procedure - it is spread around the system in various places and scenarios, so I am not able to use workarounds like if #DEBUG... //then ignore certificates. I need to generate a valid certificate correctly.

0

5 Answers

21

In my case, my domain's SSL certificate has expired. So, please check your domain certificate expiry date. The solution is to renew the domain certificate.

Temporary solution: Skip SSL certificate validation.

using System.Net.Http;

var handler = new HttpClientHandler();
//handler.ClientCertificateOptions = ClientCertificateOption.Manual;
// Accept every server certificate regardless of chain errors (validation is skipped).
handler.ServerCertificateCustomValidationCallback =
    (httpRequestMessage, cert, certChain, policyErrors) =>
{
    return true;
};

var client = new HttpClient(handler);

Ref.: https://stackoverflow.com/a/46626858/672891


1 Comment

ClientCertificateOption.Manual is the default: learn.microsoft.com/en-us/dotnet/api/…
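Added example, not part of the answer above or of any project mentioned on this page: the same callback hook can be used to diagnose the failure instead of suppressing it. This sketch keeps the platform's verdict and prints each chain element's status (for an expired or untrusted development certificate these are X509ChainStatusFlags values such as NotTimeValid and UntrustedRoot). The class name `CertDiagnostics` and its method names are hypothetical.

```csharp
#nullable enable
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class CertDiagnostics
{
    // Builds an HttpClient that keeps normal validation but reports why a chain fails.
    public static HttpClient CreateClient()
    {
        var handler = new HttpClientHandler
        {
            ServerCertificateCustomValidationCallback = Report
        };
        return new HttpClient(handler);
    }

    private static bool Report(HttpRequestMessage request, X509Certificate2? cert,
                               X509Chain? chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true; // the platform validated the chain; nothing to report

        Console.Error.WriteLine($"TLS validation failed for {request.RequestUri}: {errors}");
        if (cert != null)
            Console.Error.WriteLine($"  leaf {cert.Subject} thumbprint={cert.Thumbprint} " +
                                    $"valid {cert.NotBefore:yyyy-MM-dd} to {cert.NotAfter:yyyy-MM-dd}");
        if (chain != null)
        {
            // One line per failing status on each certificate in the chain.
            foreach (X509ChainElement element in chain.ChainElements)
                foreach (X509ChainStatus status in element.ChainElementStatus)
                    Console.Error.WriteLine($"  {element.Certificate.Subject}: " +
                                            $"{status.Status} ({status.StatusInformation.Trim()})");
        }
        return false; // never accept a certificate the platform rejected
    }
}
```

The printed thumbprint and expiry date identify which certificate has to be regenerated or re-trusted.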
15

Cleaning all private keys from the following folder did the trick (I only had one, that I just renamed, which did the trick):

C:\Users\{User}\AppData\Roaming\ASP.NET\Https

Credit to this SO-post answer for the solution.

6 Comments

jade serpent guide you
I have experienced the same error but I don't have the ASP.NET folder in AppData\Roaming. Where else can I look?
@RealSollyM AppData folder is hidden by default (I believe). You need to change folder settings, so that you also see hidden folders
@mnc - There is no ASP.NET folder at all in my AppData\Roaming folder. I have enabled hidden items but it is still not there. And when I try to type the folder directly, I get the "Windows can't find ... Check the spelling and try again" error message.
@RealSollyM If you don't have the ASP.NET/Https folder, then I assume you haven't generated any certificates (because the folder only contains trusted certificates, as far as I know). Maybe you need to generate or trust https certificates. You can, among others, see how to do that in the 'SO-post answer' that I linked to above - I think it's something like dotnet dev-certs https --clean, dotnet dev-certs https --trust etc.
5

First enter these two commands

dotnet dev-certs https --clean
dotnet dev-certs https --trust

Then delete all the files in this path:

C:\Users\{User Name}\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb

1 Comment

dotnet dev-certs https --trust [just this command worked for me]
4

Delete your offending localhost certificates:

Control Panel -> Internet Options -> Content tab.

  1. Click Certificates and remove the ones you no longer require.
  2. Click the Clear SSL State button.

Follow the instructions here to recreate a new certificate for each of your localhost sites, paying attention to the port number:

https://improveandrepeat.com/2020/05/recreate-the-self-signed-https-certificate-for-localhost-in-iis-express

2 Comments

Thanks a lot for the help. The problem has been solved in the meanwhile, and I have posted the solution I used in another answer, in case you are interested. I didn't get to try your solution in time, so that may also have worked.
I had the same issue this morning and my solution worked for me. Yours looks easier though!
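Added example, not part of the answers above: a read-only listing of the localhost certificates in the current user's Personal and Trusted Root stores, with their expiry state, to show which entries are stale before removing anything. It assumes the development certificates use the subject `CN=localhost`; the class and record names are hypothetical, and machine-level stores are not scanned.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;

public static class LocalhostCertAudit
{
    public record Finding(string Store, string Thumbprint, DateTime NotAfter, bool Expired);

    // Lists CN=localhost certificates in CurrentUser\My and CurrentUser\Root.
    public static List<Finding> Scan(DateTime now)
    {
        var findings = new List<Finding>();
        foreach (StoreName name in new[] { StoreName.My, StoreName.Root })
        {
            using var store = new X509Store(name, StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadOnly); // inspect only; nothing is modified

            // validOnly: false, so expired and untrusted certificates are returned too.
            X509Certificate2Collection matches = store.Certificates.Find(
                X509FindType.FindBySubjectDistinguishedName, "CN=localhost", false);

            foreach (X509Certificate2 cert in matches)
                findings.Add(new Finding(name.ToString(), cert.Thumbprint,
                                         cert.NotAfter, cert.NotAfter < now));
        }
        return findings;
    }

    public static void Main()
    {
        foreach (Finding f in Scan(DateTime.Now))
            Console.WriteLine($"{f.Store,-4} {f.Thumbprint} expires {f.NotAfter:yyyy-MM-dd} " +
                              (f.Expired ? "EXPIRED" : "ok"));
    }
}
```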
0

Another thing that can be done, in case you need it for local development and the server itself has an issue with the certificate, like it being issued by a root that is not common or not trusted by your machine: you can go to the website and follow these steps:

Security of a website

Exporting a certificate

After downloading its root (I downloaded the whole chain but I suppose only the root is needed) you can then install it and add it to your Trusted Root Folder by opening the downloaded certificate

Installing a certificate

Adding to trusted root folder

Not sure if that is safe to do but if you are working with websites that are owned by a secure source I suppose it's okay. Also I suppose that is all possible to happen on only non-prod envs, but still like other solutions I suggest not depending on it on prod. Not sure if it's even doable on non-local.
