I am developing an ASP.NET application on Windows 11. To test the app, I need to create a self-signed dev certificate. However, I am unable to use the self-signed certificate because the CA certificate is missing from the TRCA folder. If I quickly refresh the folder, I can see it is there, but one or two seconds later, it is gone.
Below, I have included a dump of what happens in the command prompt (logged in as Administrator or not doesn’t matter). I have also tried moving the certificate by copy/paste in certmgr, manually creating, exporting and importing the certificate using anything from certutil, netsh, makecert to New-SelfSignedCertificate.
I have deleted all the Visual Studio files in the Roaming/ASP.NET/https folder, the Local/ASP.NET/DataProtection-Keys folder and all the secrets files.
I have repaired and uninstalled/reinstalled IIS Express and tried installing/uninstalling/reinstalling/repairing multiple different versions of Visual Studio and VS Code.
No matter what I do, the certificate is created and immediately deleted from the TRCA folder.
C:\Windows\System32>dotnet dev-certs https --clean
Cleaning HTTPS development certificates from the machine. A prompt might get displayed to confirm the removal of some of the certificates.
HTTPS development certificates successfully removed from the machine.
C:\Windows\System32>dotnet dev-certs https
The HTTPS developer certificate was generated successfully.
C:\Windows\System32>dotnet dev-certs https --trust
Trusting the HTTPS development certificate was requested. A confirmation prompt will be displayed if the certificate was not previously trusted. Click yes on the prompt to trust the certificate.
Successfully trusted the existing HTTPS certificate.
C:\Windows\System32>dotnet dev-certs https --check --trust
The following certificates were found, but none of them is trusted: 1 certificate
1) 8AC3C820AF03BC63F05179ED5762728BB38F171A - CN=localhost - Valid from 2024-06-04 13:19:17Z to 2025-06-04 13:19:17Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
The PC is connected to Active Directory so could it be an “evil” Group Policy (GPO) that is causing the automatic deletion of the certificate?
Security GPOs summary
Thor is a new contributor to this site.