Config IIS on HTTPS for DEV ambient

Question

Hello everyone,

I have a site stored on IIS in my local network with a couple of APIs developed (assuming that I have always used it in http), I need the APIs to be available in HTTPS.

I store a self-signed certificate on the IIS server machine 172.16.1.193 and in the bindings I select in certificate.

If I test the API on the same machine with IP / localhost it works, but if I try from the PC next to it, nothing to do, the response is always net::ERR_CERT_INVALID

The call is very simple, I report it below. Is there a way to get around this situation? The API will always be confined within my network.

<script>

function inviaRichiestaGET(url) {

const xhr = new XMLHttpRequest();

xhr.open('GET', url, true);

xhr.onreadystatechange = function () {

if (xhr.readyState === 4) {

console.log(xhr.status); // Status della risposta

console.log(xhr.responseText); // Corpo della risposta

}

};

xhr.send(); // Invio della richiesta

}

inviaRichiestaGET('https://172.16.1.193/Api_CMD_Monitoring_DC.aspx?Trc_ACT=aabbccddee');

</script>

Answer 1

Hi Marco Vaino,

The net::ERR_CERT_INVALID error you're seeing when accessing your IIS-hosted API from another machine is expected when using a self-signed certificate. This happens because browsers like Chrome don’t automatically trust certificates that aren’t issued by a recognized Certificate Authority (CA).

Even though your self-signed certificate is valid for your server, other devices on the network will reject it unless they’re explicitly told to trust it.

Since your API is only used within your internal network, you can resolve this by manually installing and trusting the certificate on each client machine.

1.Export the Self-Signed Certificate

On the IIS server:

• Open certlm.msc (Local Machine Certificate Store).
• Find your certificate under Personal > Certificates.
• Right-click > All Tasks > Export.
• Choose No, do not export the private key.
• Export as a .CER file.

2.Install the Certificate on Client Machines

On each client PC:

• Double-click the .CER file.
• Click Install Certificate.
• Choose Local Machine (you may need admin rights).
• Select Place all certificates in the following store.
• Browse to Trusted Root Certification Authorities.
• Finish the wizard and restart the browser.

This tells the client machine to trust your self-signed certificate, so the browser will stop showing the ERR_CERT_INVALID error.

For more information:
https://learn.microsoft.com/en-us/biztalk/adapters-and-accelerators/accelerator-rosettanet/exporting-certificates

Answer 2

self signed certificates are not trusted by default. the tool/procedure you used to create the self signed certificate probably add as trusted to the local computer. every computer you want to access the ssl site from needs to have the certificate installed as trusted.

google trust self signed certificate for the O/S of the computer you want to access from to get directions.

Answer 3

Hello,

 

Thank you for posting in Q&A forum.

To further troubleshoot the self-signed certificate issue, please kindly try below steps:

1.Export the self-signed certificate from the IIS server and import it to client certificate store.

2.Go to IIS Manager and navigate to your site, select "Bindings" and ensure that the HTTPS binding is correctly configured with the self-signed certificate.

3.Check the Certificate Chain:

Ensure that the certificate chain is complete and that the client machines trust the root certificate authority which issued the self-signed certificate.

4.Test the Connection after the configuration and give another try.

 

I hope the information above is helpful.

If you have any questions or concerns, please feel free to let us know.

 

Best regards，

Jill Zhou

 

---

If the Answer is helpful, please click "Accept Answer" and upvote it.