How to fix: An error has occurred while trusting the certificate: System.Security.Cryptography.CryptographicException: Access is denied.

De Wet 5 Reputation points
2023-11-14T09:03:09.51+00:00

I am developing a .net Core 7 API using Visual Studio. I enabled HttpsRedirection and all seemed fine, until I suddenly started getting this error from my browser: NET::ERR_CERT_AUTHORITY_INVALID.

I tried the following command in CMD Administrator mode to trust the certificate:

dotnet dev-certs https --trust -v

The command produces the following output:

Trusting the HTTPS development certificate was requested. A confirmation prompt will be displayed if the certificate was not previously trusted. Click yes on the prompt to trust the certificate.
[1] Listing certificates from CurrentUser\My
[2] Found certificates: 1 certificate
    1) DECC86D14FE509AFF72B64EE601B09D67F7558DC - CN=localhost - Valid from 2023-11-14 10:31:38Z to 2024-11-13 10:31:38Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[3] Checking certificates validity
[4] Valid certificates: 1 certificate
    1) DECC86D14FE509AFF72B64EE601B09D67F7558DC - CN=localhost - Valid from 2023-11-14 10:31:38Z to 2024-11-13 10:31:38Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[5] Invalid certificates: no certificates
[6] Finished listing certificates.
[1] Listing certificates from LocalMachine\My
[2] Found certificates: no certificates
[3] Checking certificates validity
[4] Valid certificates: no certificates
[5] Invalid certificates: no certificates
[6] Finished listing certificates.
[8] Filtered certificates: 1 certificate
    1) DECC86D14FE509AFF72B64EE601B09D67F7558DC - CN=localhost - Valid from 2023-11-14 10:31:38Z to 2024-11-13 10:31:38Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[9] Excluded certificates: no certificates
[14] Valid certificates: 1 certificate
    1) DECC86D14FE509AFF72B64EE601B09D67F7558DC - CN=localhost - Valid from 2023-11-14 10:31:38Z to 2024-11-13 10:31:38Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[15] Selected certificate: DECC86D14FE509AFF72B64EE601B09D67F7558DC - CN=localhost - Valid from 2023-11-14 10:31:38Z to 2024-11-13 10:31:38Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[29] Trusting the certificate to: DECC86D14FE509AFF72B64EE601B09D67F7558DC - CN=localhost - Valid from 2023-11-14 10:31:38Z to 2024-11-13 10:31:38Z - IsHttpsDevelopmentCertificate: true - IsExportable: true.
[45] Adding certificate to the trusted root certification authority store.
[31] An error has occurred while trusting the certificate: System.Security.Cryptography.CryptographicException: Access is denied.
   at System.Security.Cryptography.X509Certificates.StorePal.Add(ICertificatePal certificate)
   at Microsoft.AspNetCore.Certificates.Generation.WindowsCertificateManager.TrustCertificateCore(X509Certificate2 certificate)
   at Microsoft.AspNetCore.Certificates.Generation.CertificateManager.TrustCertificate(X509Certificate2 certificate).
There was an error trusting HTTPS developer certificate.

I am an administrator on the machine and have checked that I have full read/write access on the following folder:

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys

I have also tried to first clean the certs before trusting:

dotnet dev-certs https --clean
dotnet dev-certs https --trust


I have also removed all localhost certificates from certlm.msc and recreated them successfully, however, when trying to trust the certificate the "Access Denied" error persists.

How can I fix / find more detail on the error?

ASP.NET Core
ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
4,612 questions
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.