Prompts for password in windows and what to type there?

[SanjivG10]

every time I started the devcert, it is always asking me to enter the password, and I don't know.. ANything you type there, it asks again. There is no real docs on what to type on or anything. Any help? If any previous password is stored, which I must have forgot, any way to reset it?

[Js-Brecht]

@SanjivG10 The password that it is asking for is the one used when the CA was originally configured. It is used to encrypt/decrypt the CA key so that it can't be used by anybody/anything to sign certificates (which would be a security risk, considering that the CA is trusted by your computer). It should only ask you for it when the CA is installed, and when it needs to make a certificate for a domain that hasn't had one created yet.

If you need to reset it, you should first remove the trust for the certificate from your computer. You can remove it from your Windows trust store using powershell:

# Say yes to the prompt when it asks you if you want to delete
Get-ChildItem cert:\CurrentUser\Root |?{ $_.Subject -like '*devcert*' } |Remove-Item

If you have Firefox installed, you will need to remove it from there manually. Go to the menu in the top right -> options -> Privacy & Security. All the way at the bottom is "View Certificates...". Open that, go to the Authorities tab, and find "devcert" in the list. Click "Delete or Distrust".

Another way to remove it from the Firefox list is to delete its nssdb, but that will also delete any other custom certificate trusts you've added.

Then, the final step (fairly broad stroke method, but it works) is to delete the devcert AppData directory. Again, probably easiest in Powershell:

Remove-Item -Force -Recurse "$ENV:LOCALAPPDATA\devcert"

Then you should be able to run devcert again, and put in whatever password you want. It will create the certificate authority again, install the trust for the new CA, then create the domain certificate you requested.

[Js-Brecht]

Just remember that new password is the one you need to use from then on.

Also good to remember is that any domain certificates created with the old CA will no longer be trusted, if you happened to move any of them out of the "$ENV:LOCALAPPDATA\devcert" directory. Just delete them and have devcert recreate them.

[LucasZNK]

Thanks @Js-Brecht !! Working again!

[talha-itsol-2020]

It worked for me too.

[dmwyatt]

# Say yes to the prompt when it asks you if you want to delete
Get-ChildItem cert:\CurrentUser\Root |?{ $_.Subject -like '*devcert*' } |Remove-Item

This wouldn't work for me, I'd always get this error:

Remove-Item: The operation is on user root store and UI is not allowed.

I ended up using the steps I googled up here but instead of selecting Computer account I selected My user account.