I'm using the new Visual Studio 2013 with IISExpress for the first time (previously used ASP.net Development server on VS2010). I'm running into issues trying to debug my project.

This is what I see in Chrome:

Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have. Error code: ERR_SSL_PROTOCOL_ERROR

I updated my Properies -> web file so that the Project Url uses a https URL now. However, after doing that, I now get a new error when launching:

The connection to localhost was interrupted. Error code: ERR_CONNECTION_RESET

Thanks

If you're using URLRewrite to force SSL connections in your web.config, it's probably rewriting your localhost address to force https. If debugging with SSL enabled isn't important to you and you're using URLRewrite, consider adding <add input="{HTTP_HOST}" pattern="localhost" negate="true" /> into your web.config file's rewrite section. It will stop the rewrite for any localhost addresses but leave it in place in a production environment. If you're not using URLRewrite or need to debug using SSL, http://www.hanselman.com/blog/WorkingWithSSLAtDevelopmentTimeIsEasierWithIISExpress.aspx might help. It's for VS2010, but should suffice for VS2013 as well.

I was getting ERR_CONNECTION_RESET because my Visual Studio 2013/IIS Express configured app port number was NOT in the range :44300-:44398. (I don't recall having to dismiss any warnings to get out of that range.) Changing the port number to something in this range is all I had to do to make it work.

I noticed this after reviewing the netsh http show sslcert > sslcert.txt output and something clicking with stuff I read recently about the port numbers.

Make sure to remove any previous 'localhost' certificates as those could conflict with the one generated by IIS Express. I had this same error (ERR_SSL_PROTOCOL_ERROR), and it took me many hours to finally figure it out after trying out many many "solutions". My mistake was that I had created my own 'localhost' certificate and there were two of them. I had to delete both and have IIS Express recreate it.

Here is how you can check for and remove 'localhost' certificate:

• On Start, type -> mmc.exe
• File -> Add/Remove Snap-in...
• Select Certificates -> Add> -> Computer account -> Local computer
• Check under Certificates > Personal > Certificates
• Make sure the localhost certificate that exist has a friendly name "IIS Express Development Certificate". If not, delete it. Or if multiple, delete all.

On Visual Studio, select project and under property tab, enable SSL=true. Save, Build and Run. IIS Express will generate a new 'localhost' certificate.

Note: If it doesn't work, try these: make sure to disable IIS Express on VS project and stopping all running app on it prior to removing 'localhost' certificate. Also, you can go to 'control panel > programs' and Repair IIS Express.

I am summarizing the steps that helped me in resolving this issue:

1. Make sure the SSL port range(used by IIS express) is between 44300-44398

During installation, IIS Express uses Http.sys to reserve ports 44300 through 44399 for SSL use. This enables standard users (without elevated privileges) of IISExpress to configure and use SSL. For more details on this refer here

2. Run the below command as administrator in Command prompt. This will output the SSL Certificate bindings in the computer. From this list, find out the certificate used by IIS express for the corresponding port :

netsh http show sslcert > sslcert.txt

3. Look for the below items in the sslcert.txt (in my case the IIS express was running at port 44300)

IP:port : 0.0.0.0:44300

Certificate Hash : eb380ba6bd10fb4f597cXXXXXXXXXX

Application ID : {214124cd-d05b-4309-XXX-XXXXXXX}

4. Also look in the IIS express management console (RUN (Ctrl+R) -> inetmgr.exe) and find if the corresponding certificate exists in the Server Certificates

(Click on the ServerRoot -> under section IIS () -> Open the Server Certificates)

5. If your localhost by default uses a different certificate other than the one listed in Step 3, continue with the below steps

netsh http delete sslcert ipport=0.0.0.0:44300

netsh http add sslcert ipport=0.0.0.0:44300 certhash=New_Certificate_Hash_without_space appid={214124cd-d05b-4309-XXX-XXXXXXX}

The New_Certificate_Hash will be your default certificate tied-up with your localhost (That we found in step 4) or the one which you want to add as a new certificate.

P.S. Thank you for your answer uosɐſ (which helped me in resolving this issue)

The problem that I was experiencing had to do with me, at some point in time, enabling HSTS for localhost and not realizing that this would break my http://localhost:someport in IIS Express.

HSTS tells the browser (Chrome in my case) to ALWAYS request a URL using HTTPS. So therefor even though I hadnt even enabled SSL for my MVC 5 app, the browser would still try to access my site using HTTPS in the URL instead of HTTP.

The fix?

1. Surf to chrome://net-internals/#hsts
2. In the delete section, enter "localhost" and delete the record from Chrome.

None of the above options worked for me. I had to do the following:

1. Uninstalled IIS Express 8.0
2. Deleted all the configurations in my Documents directory for IIS Express
3. Reinstalled IIS Express 8.0
4. Deleted the project on my local machine and downloaded a clean version for TFS
5. Ran the project - it then ran over SSL and I am able to debug

I got the steps from this thread.

Hope this helps.

In my case, I created a self-signed certificate and had it working, except I was getting an error in the browser because the certificate was untrusted. So, I moved the cert into the Trusted Root Certification Authorities > Certificates folder in the Certificates snapin. It worked, and then I closed Visual Studio for the day.

The following day, I started my project and I received the error mentioned in the original question. The issue is that the certificate you configured IISExpress with must exist in the Personal > Certificates folder or HTTPS will stop working. Once IIS Express successfully starts, you can drag the cert back to the trusted location. It'll continue to work until you restart IIS Express.

Not wanting to fuss with dragging the cert back and forth every time, I just place a copy of the certificate in both places and now everything works fine.

I have a same problem in Visual Studio 2015. Because I use SSL binding in web.config

<rewrite>
   <rules>   
     <rule name="HTTP to HTTPS Redirect" stopProcessing="true">
       <match url="(.*)" />
       <conditions>
          <add input="{HTTPS}" pattern="off" />
       </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Found" />
     </rule>
   </rules>
</rewrite>

And I can fix the problem with the answer of Mr.djroedger. By replacing

<add input="{HTTPS}" pattern="off" />

with

<add input="{HTTP_HOST}" pattern="localhost" negate="true" />

into my web.config, so my code is

<rewrite>
  <rules>   
    <rule name="HTTP to HTTPS Redirect" stopProcessing="true">
      <match url="(.*)" />
      <conditions>
         <add input="{HTTP_HOST}" pattern="localhost" negate="true" />
      </conditions>
         <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Found" />
    </rule>
 </rules>
</rewrite>

I was having this problem, I had configured my site for global require https in FilterConfig.cs.

public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());
        filters.Add(new RequireHttpsAttribute());
    }

I had forgotten to change the project url to https: from this tutorial http://azure.microsoft.com/en-us/documentation/articles/web-sites-dotnet-deploy-aspnet-mvc-app-membership-oauth-sql-database/ under ENABLE SSL part 4. This caused the errors you were getting.

Another problem that happened me twice:
In IIS Express's applicationhost.config the order of the bindings does matter. One binding could take precedence over your SSL binding, making it not working.

Example:

<site name="MySite007" id="1">
    <application path="/" applicationPool="Clr4IntegratedAppPool">
        <virtualDirectory path="/" physicalPath="C:\Users\myuser\projects\mysolutionfolder\MyProject.Service" />
    </application>
    <bindings>
        <binding protocol="http" bindingInformation=":8081:localhost" />
        <binding protocol="http" bindingInformation=":8080:" /><!-- evil binding -->
        <binding protocol="https" bindingInformation="*:44327:localhost" />
    </bindings>
</site>

You may have added a binding similar to the second one to be able to access your WebService from outside localhost. Because this binding listens on any adress, it seems to override the SSL binding although a different port was used.

Remove the evil binding or move it down.

This is anecdotal as overheard from a co-worker, but allegedly this is an issue with chrome forcing https. I usually launch in firefox so i hadn't seen this problem before. Using firefox or ie worked for my co-worker.

Removing IISExpress and vs directories and using ssl port range of 44300 to 44399 (inclusive) from this article worked for me

The 'Digicert certificate installation checker' is often helpful in situations like this.

I was able to verify the SSL cert being attempted was the one I was expecting by comparing the serial number.

For me @Jason Kleban answer was the actual problem, but this can be a very useful utility to check your basic assertions about what certificate is being loaded.

If you need to use a port outside of the 44300-44399 range, here's a workaround:

• Create a new site in IIS (not Express)
• Bind HTTPS to the port you need
• For SSL Certificate, choose IIS Express Development Certificate
• Once the site is created, stop it, since it doesn't actually need to be running

This registers the IIS Express Development certificate with that port and is the easiest way I've found to get around the 44300-44399 range requirement.

My problem was caused by Fiddler. When Fiddler crashes it occasionally messes with your proxy settings. Simply launching Fiddler seemed to fix everything (perhaps it repairs itself somehow).

I'd just rebuilt my computer. This thread gave me the clues, where I realized in the project settings>Web, the project was configured to use HTTP and the HTTP port. By updating it to HTTPS and the correct HTTPS port, everything started to work again.

To follow on to other answers about setting the SSL port between 44300 and 44399, I was unable to change the SSL Enabled property in Visual Studio, nor set a specific SSL URL. Other answers, like repairing IIS Express did not help. The solution was to go into the .vs folder parallel to the sln file, open the config subfolder, and then edit the applicationhost.config file. Then, I added the https line manually and restarted VS.

<binding protocol="http" bindingInformation="*:24941:localhost" />
                <binding protocol="https" bindingInformation="*:44301:localhost" />

In my case I'd simply forgotten I had a binding set up for (in my case) https://localhost:44300 in full IIS. You can't have both!

In my case, the localhost url was redirected to https://localhost when I was debugging. This happened from one moment to other, without changing anything. I solved this by making a hard reload to the browser. Here the link