Having an website with HTTP and HTTPS bindings, running on my local IIS 7.5 server, I encountered this error with Chrome, Error 101 (net::ERR_CONNECTION_RESET) while trying to access it with HTTPS protocol. I checked the IIS and the bindings were fine, both protocols were set and self-signed certificate didn't expire yet.

Since the website it wasn't accessible on the HTTPS protocol and everything seems ok at the IIS level, I suspected there was something which it can be fixed with the netsh command.

The first thing to do was to list the SSL server certificate bindings:

netsh http show sslcert

As I expected, there was nothing shown. To "add a new SSL server certificate binding and corresponding client certificate policies for an IP address and port" (from help), netsh can be used with some basic parameters: ipport, certhash and appid.

The certhash value can be read either from ISS Manager (Manage server\Server Certificates, select a certificate, click View in the right menu, Details\Thumbprint, copy the value somewhere and replace the blanks between the groups), either using the following command:

certutil -store MY

which outputs:

Serial Number: 59e762ee4c6bda874fed1c915d26e521
Issuer: CN=adi-PC
NotBefore: 21.07.2011 2:16
NotAfter: 21.07.2012 3:00
Subject: CN=adi-PC
Signature matches Public Key
Root Certificate: Subject matches Issuer
Cert Hash(sha1): dc ab 84 55 bf 75 5c ad a4 b9 1d a6 64 45 68 b3 11 69 f0 20
Key Container = ea4cc866-f5b9-4737-a18e-1724e02961ba
Unique container name: 0e2c5f1fd1fe7a2461b77daf1973b1cb_d924ef92-4440-4132-82f8-cc223fca6bb8
Provider = Microsoft RSA SChannel Cryptographic Provider
Encryption test passed
CertUtil: -store command completed successfully.

The appid is any valid Guid surrounded with {}. I used PowerShell to create a new one, though I could get the "Key Container" value.

The command looks like:

netsh http add sslcert ipport= certhash=dcab8455bf755cada4b91da6644568
b31169f020 appid={ea4cc866-f5b9-4737-a18e-1724e02961ba}

The output of "netsh http show sslcert" is now:

SSL Certificate bindings:

IP:port :
Certificate Hash : dcab8455bf755cada4b91da6644568b31169f020
Application ID : {ea4cc866-f5b9-4737-a18e-1724e02961ba}
Certificate Store Name : (null)
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled

The ERR_CONNECTION_RESET error disappeared :)

Note: I don't do this kind of things day by day, after all, I'm only a developer. This was not a simple thing for me to do, actually it took about two hours of google-ing, this when netsh wasn't a new thing to me, a bit frustrating. But how I can test the 3D Secure integration on an eshop when my SSL is down? Can't! So I needed to have it working.


  1. Hi,
    I am facing the same problem. I tried all the above ways, but no luck.
    Basically, I am not able to open up any page hosted on localhost, that is during debugging. Everytime I get the error as 'ERR_CONNECTION_RESET'
    Please do let me know how to treat these kind of IIS Issues.

  2. Thanks a lot for such detail Article. My issue is also resolved with the steps provided. Thanks

  3. Same problem here! Suddenly - just one day after another - without changing anything in the system (which is BTW Windows 10 Pro) - I get a ERR_CONNECTION_RESET when trying to browse my development website. The solution was to set the certificate for the HTTPS binding in IIS. The setting had gone lost somehow between restarts.


Post a Comment

Popular posts from this blog

Table Per Hierarchy Inheritance with Column Discriminator and Associations used in Derived Entity Types

About the "The Controls collection cannot be modified because the control contains code blocks" symptom