Post

Why Chrome Says IIS Express HTTPS Is Not Secure And How to Resolve That

This post would show you how to resolve the issue that Chrome says HTTPS is not secure for web apps hosted on IIS Express.

Why Chrome Says IIS Express HTTPS Is Not Secure And How to Resolve That

Jexus Manager can be downloaded from https://www.jexusmanager.com

Recently Google updates Chrome to warn on certificates, who only contains CN (Common Name) but no corresponding SAN (Service Alternative Name). This leads to the following error message if you try to test out HTTPS pages on IIS Express by using the default certificate,

img-description Figure 1: Chrome error page.

Your connection is not private Attackers might be trying to steal your information from localhost (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID

img-description Figure 2: Test site using IIS Express Development Certificate.

If you search around, there are many methods to fix this issue. So below I only demonstrate how to use Jexus Manager to quickly resolve it.

Step 1: Generate a new certificate to match Chrome’s requirements.

The details can be found in this article, and for this specific case, you should set “localhost” as custom name, and give the certificate a friendly name (“new” for example). All other fields can use the default values.

Step 2: Let Windows trust this certificate

So in just a few clicks you can get it done.

Step 3: Change the site binding to use the new certificate

Go back to the site binding dialog and choose the new certificate instead,

img-description Figure 3: Test site using new certificate.

and Chrome is now happy to accept it,

img-description Figure 4: Chrome accepts the new certificate.

© Lex Li. All rights reserved. The code included is licensed under CC BY 4.0 unless otherwise noted.
Advertisement