Our company develops a Windows application used by hundreds of customers that operates a web service on an atypical port to which we assign a self-signed SSL certificate. Prior to upgrading to the latest Preview builds, this worked properly, and it is working properly on my colleagues' and our customers' computers that are not running Insider Preview builds. I have tested this on two different computers running recent Insider Preview builds, however, and got the same failing result:
After installing the certificate via our installer,
netsh shows that it is properly installed in the system certificate store. When looking in the Certificates snap-in in MMC, the certificate is present, though marked invalid. If I copy it into Trusted Root Certification Authorities, it is recognized as valid -- a step that was not previously necessary.
If I run
curl from the command-line, before copying the certificate into Trusted Root Certification Authorities, I get an invalid certificate error. After I copy it into Trusted Root Certificate Authorities,
curl works as expected, and my web service responds properly. However, no web browsers (neither the new Edge, Chrome, or Firefox) except Internet Explorer will accept the certificate, and instead respond with a connection reset error.
I also tried using the self-signed certificate on a test website in IIS, and it's the same story.
Have there been any changes to the way the certificate store works that would have altered this behavior, and what changes must we make to accommodate those changes?
Both computers I tested on are running Windows 10 Pro for Workstations Insider Preview version 2004. The desktop is running 20201.1000 and the laptop 20190.1000.