identityserver4 the remote certificate is invalid because of errors in the certificate chain: untrustedroot

I am hosting my IdentityServer, Web API and MVC client apps all with IIS server, under HTTPS. When I run my MVC client I get the following error back (note: 6009 is the port of my MVC client and 6005 is the port of my IdentityServer):

I am using the IIS Express Development Certificate for all projects when I configure them in IIS:

and I copied the certificate from the personal store to the trusted root as follows:

and here are the details of the cert:

What else am I missing here?



Solution 1:[1]

For me, neither dotnet dev-certs https --clean/trust nor manually cleaning the Windows certificate stores worked out.

Since I was using Docker and Kestrel (instead of IIS), for some reason, it was using outdated certificates located under: C:\Users\<user>\AppData\Roaming\ASP.NET\Https\<project-name>.pfx. The dotnet dev-certs https --clean command did not clean up the certificates in this directory.

After cleaning the certificates in this directory, everything worked again. I'm aware that your problem is already resolved, but since this is a common issue I figured I would also post my solution here.

Related issue about why the clean command does not clean these certs can be found here: https://github.com/dotnet/aspnetcore/issues/15357
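
Added example (not part of the original answer): a read-only PowerShell check for the situation Solution 1 describes. It lists the ASP.NET Core development certificates in the current user's personal store, reports whether each is also in the trusted root store, and flags exported .pfx files under the directory named above that predate the newest store certificate. Assumptions: the certificates live in the CurrentUser stores, development certificates carry the extension OID 1.3.6.1.4.1.311.84.1.1, and the .pfx files are not opened (they are typically password-protected), so staleness is judged by file timestamp only.

```powershell
# Added example: read-only diagnostics, nothing is deleted or modified.
# Assumption: the directory is the one named in Solution 1.
$httpsDir   = Join-Path $env:APPDATA 'ASP.NET\Https'
# Assumption: extension OID that marks ASP.NET Core HTTPS development certificates.
$devCertOid = '1.3.6.1.4.1.311.84.1.1'

# Development certificates currently in the user's personal store.
$devCerts = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Extensions | Where-Object { $_.Oid.Value -eq $devCertOid } }

# Thumbprints the current user trusts as roots.
$rootThumbs = (Get-ChildItem Cert:\CurrentUser\Root).Thumbprint

# Report each development certificate and whether it is trusted as a root.
# A self-signed certificate missing from Root is what produces UntrustedRoot.
foreach ($cert in $devCerts) {
    [pscustomobject]@{
        Thumbprint  = $cert.Thumbprint
        NotBefore   = $cert.NotBefore
        NotAfter    = $cert.NotAfter
        Expired     = $cert.NotAfter -lt (Get-Date)
        TrustedRoot = $rootThumbs -contains $cert.Thumbprint
    }
}

# Creation time of the newest development certificate in the store.
$newest = ($devCerts | Sort-Object NotBefore -Descending |
    Select-Object -First 1).NotBefore

# A .pfx written before the newest certificate existed cannot contain it,
# so it is a candidate for the outdated export described in the answer.
Get-ChildItem $httpsDir -Filter *.pfx -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            File          = $_.FullName
            LastWriteTime = $_.LastWriteTime
            LikelyStale   = [bool]($newest -and $_.LastWriteTime -lt $newest)
        }
    }
```

A file flagged LikelyStale is only a candidate for removal; a file written after the newest certificate may still be outdated if it was exported from a different certificate.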

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Dharman