I used a following PowerShell command sequence to generate, install and use an self-signed SSL certificate:
$cert = New-SelfSignedCertificate -DnsName @("localhost") -CertStoreLocation "cert:\LocalMachine\My"
$certKeyPath = "c:\certs\contoso.com.pfx"
$password = ConvertTo-SecureString 'password' -AsPlainText -Force
$cert | Export-PfxCertificate -FilePath $certKeyPath -Password $password
$rootCert = $(Import-PfxCertificate -FilePath $certKeyPath -CertStoreLocation 'Cert:\LocalMachine\Root' -Password $password)
netsh http add sslcert ipport=0.0.0.0:44357 appid={12345678-db90-4b66-8b01-88f7af2e36bf} certhash=55c6f3cc7464060043cd1b738b93c3ad82caaa43
Ever command has finished successfully.
But when I start ASP.NET Core 3.1 application it still considers it hasn't any certificate.
Microsoft.AspNetCore.Server.Kestrel[0] Unable to start Kestrel. System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date. To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
Unfortunately dotnet dev-certs https
and dotnet dev-certs https --trust
require that .NET Core SDK is installed, but it shouldn't be there! This is a production server!
CodePudding user response:
You can configure the certificates in appsettings.json
. I think the Certificates.Default
property would work for your case. You would need to set AllowInvalid
to true
to be able to use self-signed certificates.
Example setup appsettings.json
:
{
"Kestrel": {
"Endpoints": {
"Http": {
"Url": "http://localhost:5000"
},
"HttpsDefaultCert": {
"Url": "https://localhost:5004"
}
},
"Certificates": {
"Default": {
"Path": "<path to .pfx file>",
"Password": "$CREDENTIAL_PLACEHOLDER$",
"AllowInvalid": "true"
}
}
}
}
More examples and explanation can be found at the Microsoft Docs.
CodePudding user response:
If your intention is to manage certificates on your own (without following Microsoft's default resolution mechanism), explicitly ask Kestrel to use your certificate via a suitable function from ListenOptions.UseHttps
,
Most common one is
UseHttps(StoreName storeName, string subject, bool allowInvalid, StoreLocation location)
.
Changes to
appsettings.json
only apply when you usedotnet run
or debug in Visual Studio.