-
-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IIS complains about missing intermediates #148
Comments
The password is “changeit” (for unfortunate legacy PKCS#12 reasons). The output of mkcert should have mentioned it, didn’t it? |
@FiloSottile OMG sorry about that, RTFM!!!! It does indeed say that. My apologies for being like a typical user and not reading things. |
It’s ok, we all glance over things from time to time :) |
That’s weird, as mkcert does not use intermediates. The message says “installed”, maybe it wants the root in the system store? In that case running “mkcert -install” might fix it, but that would be a weird requirement. |
I’m afraid we have to wait for someone who actually dealt with IIS, I have never actually used it. |
When using the certificate locally I don't get this issue but when I move it to a VM I get the same error. Looking at my local machine I have a Certificate created and it is using that (Named "mkcert {Domain}{Username}"). I exported this certificate as .p7b and then imported this on my VM and no longer saw this message pop up in IIS. |
My case was Windows 10 running on bare metal. |
If you go to MMC > Certificates > Choose the Certificate > Certification Path, does this certificate appear at the top level or as a sub certificate? |
I'm having the same problem. Did somebody find a solution ? |
I did both options. But the moment i save the Binding on IIS the intermediate certificates error appears. Viewing the certificate, everything is ok And when i use Chrome to browse the site, it shows as secured site. But then , when my app in .NET Core tries to download a file from the site it gives:
I assume the error is the same that IIS is showing when saving the binding. |
I think the issue with .Net Core is It looks like the Subject Alternate Name for the certificate in IIS is "2021-06-24.localtest.me" whereas the binding is localhost which is causing a mismatch preventing the .Net Core application from trusting the certificate. However I have also found this can be due to the server not trusting the Certificate, to fix this I normally copy the Certificate (and any parents) into Trusted Root CA folder (In MMC) however recently on occasion I have had to add them to Trusted People as well. |
Installing on Trusted Root CA folder (In MMC) solved the issue ! After installing the generated localhost.pfx certificate, IIS doesn't give the warning message anymore, and .NET Core also trust the certificate. It looks like the Subject Alternate Name for the certificate in IIS is "2021-06-24.localtest.me" whereas the binding is localhost which is causing a mismatch preventing the .Net Core application from trusting the certificate |
I've just hit this issue. The problem is that 'mkcert -install' is installing the root CA cert in the Current User Store, and IIS is using the Machine (Local Computer) Store. When the localhost cert is installed in IIS this puts it in the Machine Store - the CA Cert is missing from the chain because its in a different store - the Current User Store. Fixing #550 would likely address this issue more permanently, but the workaround is to just export the root CA cert from the Current User Store (certmgr) and import it into Trusted Root Certification in the Local Computer Store (certlm). Worked for me (Windows 11) |
Hi,
Generated my new wildcard certificate as:
I then go to IIS > Server Certificates and try and import it but am prompted for a password?
What am I missing here? It is not my login password.
The text was updated successfully, but these errors were encountered: