certmgr | CertMgr : Create and manage X.509 certificates | TLS library

Here's what finally worked for me.

The problem was that although the Certificate Manager was not showing any expired ASP.NET certificates, the Certificate Manager was only looking at the local machine store, not the user store.

I went to the Management Console (mmc from command line) and added a Snap-in for Certificates, for current user.

When I then ran that, I found a whole bunch of ASP.NET certificates under Personal / Certificates AND Trusted Root Certification Authorities / Certificates, some of them expired. I deleted all of them.

I then ran dotnet dev-certs https --trust again, and then my server started. Yay!

I just had this problem myself. The fix for me was going back into certmgr and right click on the cert, then All Tasks, then Manage Private Keys, and add IIS_IUSRS. Depending on how your IIS app pool is configured for your website you might have to also add user "IIS APPPool{apppoolname}" as well. And for a really old, or misconfigured IIS setup, perhaps Local Service and/or Network Service.

Finally I got it. The command should be

Since this is JSON, you can use the ConvertFrom-Json cmdlet to convert it to an array of PSObjects and use a Where-Object clause to filter the objects you need:

A self-signed certificate will not be trusted by any browser unless it is trusted by the client, it is really a hard thing to make yourself a CA. If your server is public, use a CA signed ssl certificate. If you don't want to pay, use a service like LetsEncrypt and generate ssl certs for free by using ZeroSSL.com, SSLForFree.com, etc or maybe use cPanel for your website and use the AutoSSL they provide. Never use a self-signed certificate on a production server. If it is a home server or a testing/development server and it is private, there is no problem in using a self-signed certificate for localhost.

But, if you still want to proceed with a self-signed cert and see your website in your browser (this will not work if your website uses HSTS), do the following in chrome, this might be similar in other browsers.

1) Go to your website

2) Click on Advanced:

3) Click Proceed to example.com (unsafe)

If you want your self-signed cert to be trusted by only your computer (because you cannot trust it on all computers in the world by the click of a button, it is a large process and it might not be even possible), follow these steps (for Windows only, but your server need not to be windows):

1) Download your SSL cert and open the folder that is containing the ssl certificate.
2) Right-Click the certname.crt file with your certificate info and click Install Certificate (Give the file .crt extension if it is .txt, by enabling show file extensions in windows)

3) Select Current User if you are on a computer that you don't own, else select Local Machine (But, I prefer Current User) and click Next

4) Select "Place all certificates in the following store" and click Browse and select "Trusted Root Certificate Authorities" and click OK.

5) Click Next
6) Click Finish and Click Yes if it asks.