c# - 在 IISExpress 上运行的 ASP.NET Core 应用程序中的 HTTPS 错误 - PR_CONNECT_RESET_ERROR

Question

当我尝试在本地运行此应用程序时(启用 SSL 时)，

我总是得到这个提示安全连接的页面:
https://localhost:44300/

Secure Connection Failed

An error occurred during a connection to localhost:44300. PR_CONNECT_RESET_ERROR

1. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
2. Please contact the website owners to inform them of this problem.

到目前为止我已经尝试过:

添加自签名localhost带有此 Power Shell 命令的证书:

New-SelfSignedCertificate -DnsName "localhost" -CertStoreLocation "cert:\LocalMachine\My"

运行mmc.exe并导出 certificate由上述 Power Shell 脚本从

创建
[Console Root\Certificates (Local Computer)\Personal\Certificates]至[Console Root\Certificates (Local Computer)\Trusted Root Certification Authorities\Certificates .
到目前为止，这还没有奏效。如果我运行应用程序取消选中启用 SSL，它工作正常。
请就启用 SSL 的环境的可能解决方案提供建议。

Answer 1

重新生成 IIS Express localhost证书对我有用:

打开Windows PowerShell ISE使用管理员权限。

运行此脚本:

Start-Transcript -Path "$($MyInvocation.MyCommand.Path).log"
try {
    Write-Host "Creating cert resources"
    $ekuOidCollection = [System.Security.Cryptography.OidCollection]::new();
    $ekuOidCollection.Add([System.Security.Cryptography.Oid]::new("1.3.6.1.5.5.7.3.1","Server Authentication")) | Out-Null
    $sanBuilder = [System.Security.Cryptography.X509Certificates.SubjectAlternativeNameBuilder]::new();
    $sanBuilder.AddDnsName("localhost") | Out-Null
    
    Write-Host "Creating cert extensions"
    $certificateExtensions = @(
        # Subject Alternative Name
        $sanBuilder.Build($true),        
        # ASP.NET Core OID
        [System.Security.Cryptography.X509Certificates.X509Extension]::new(
            "1.3.6.1.4.1.311.84.1.1",
            [System.Text.Encoding]::ASCII.GetBytes("IIS Express Development Certificate"),
            $false),
            # KeyUsage
            [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]::new(
                [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyEncipherment,
                $true),
                # Enhanced key usage
        [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]::new(
            $ekuOidCollection,
            $true),
            # Basic constraints
            [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]::new($false,$false,0,$true)
        )
    Write-Host "Creating cert parameters"
    $parameters = @{
        Subject = "localhost";
        KeyAlgorithm = "RSA";
        KeyLength = 2048;
        CertStoreLocation = "Cert:\LocalMachine\My";
        KeyExportPolicy = "Exportable";
        NotBefore = Get-Date;
        NotAfter = (Get-Date).AddYears(1);
        HashAlgorithm = "SHA256";
        Extension = $certificateExtensions;
        SuppressOid = @("2.5.29.14");
        FriendlyName = "IIS Express Development Certificate"
    }
    Write-Host "Creating cert"
    $cert = New-SelfSignedCertificate @parameters

    $rootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList Root, LocalMachine
    $rootStore.Open("MaxAllowed")
    $rootStore.Add($cert)
    $rootStore.Close()
    
    Write-Host "Creating port bindings"
    # Add an Http.Sys binding for port 44300-44399
    $command = 'netsh'
    for ($i=44300; $i -le 44399; $i++) {
        $optionsDelete = @('http', 'delete', 'sslcert', "ipport=0.0.0.0:$i")
        $optionsAdd = @('http', 'add', 'sslcert', "ipport=0.0.0.0:$i", "certhash=$($cert.Thumbprint)", 'appid={214124cd-d05b-4309-9af9-9caa44b2b74a}')
        Write-Host "Running $command $optionsDelete"
        & $command $optionsDelete
        Write-Host "Running $command $optionsAdd"
        & $command $optionsAdd
    } 
}
catch {
    Write-Error $_.Exception.Message
}
finally {
    Stop-Transcript
}

它现在应该可以正常工作了。
(脚本来自这个 Github 问题页面的@Shirhatti:https://github.com/dotnet/aspnetcore/issues/26437)