Make ASP.NET core 3.1 app use SSL certificate without installing .NET Core SDK

Time:03-04

I used the following PowerShell command sequence to generate, install and use a self-signed SSL certificate:

$cert = New-SelfSignedCertificate -DnsName @("localhost") -CertStoreLocation "cert:\LocalMachine\My"

$certKeyPath = "c:\certs\contoso.com.pfx"
$password = ConvertTo-SecureString 'password' -AsPlainText -Force
$cert | Export-PfxCertificate -FilePath $certKeyPath -Password $password
$rootCert = $(Import-PfxCertificate -FilePath $certKeyPath -CertStoreLocation 'Cert:\LocalMachine\Root' -Password $password)

netsh http add sslcert ipport=0.0.0.0:44357 appid={12345678-db90-4b66-8b01-88f7af2e36bf} certhash=55c6f3cc7464060043cd1b738b93c3ad82caaa43

Every command has finished successfully.

But when I start the ASP.NET Core 3.1 application, it still considers that it hasn't any certificate.

Microsoft.AspNetCore.Server.Kestrel[0] Unable to start Kestrel. System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date. To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.

Unfortunately dotnet dev-certs https and dotnet dev-certs https --trust require that .NET Core SDK is installed, but it shouldn't be there! This is a production server!

CodePudding user response:

You can configure the certificates in appsettings.json. I think the Certificates.Default property would work for your case. You would need to set AllowInvalid to true to be able to use self-signed certificates.

Example setup appsettings.json:

{
  "Kestrel": {
    "Endpoints": {
      "Http": {
        "Url": "http://localhost:5000"
      },
      "HttpsDefaultCert": {
        "Url": "https://localhost:5004"
      }
    },
    "Certificates": {
      "Default": {
        "Path": "<path to .pfx file>",
        "Password": "$CREDENTIAL_PLACEHOLDER$",
        "AllowInvalid": "true"
      }
    }
  }
}

More examples and explanation can be found at the Microsoft Docs.

CodePudding user response:

If your intention is to manage certificates on your own (without following Microsoft's default resolution mechanism), explicitly ask Kestrel to use your certificate via a suitable function from ListenOptions.UseHttps:

https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/endpoints?view=aspnetcore-6.0#listenoptionsusehttps

The most common one is UseHttps(StoreName storeName, string subject, bool allowInvalid, StoreLocation location).

Changes to appsettings.json only apply when you use dotnet run or debug in Visual Studio.
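
A minimal Program.cs using the UseHttps store overload named in the answer above, as an added example that is not part of the original question or answers. It assumes the certificate from the question (subject CN=localhost in LocalMachine\My, also imported into LocalMachine\Root) and the port 44357 from the netsh command; the Startup class is a hypothetical stand-in for the application's own.

```csharp
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Hosting;

public class Program
{
    public static void Main(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(web =>
            {
                web.ConfigureKestrel(kestrel =>
                {
                    // Bind HTTPS explicitly so Kestrel never falls back to
                    // looking for the SDK-generated developer certificate.
                    kestrel.ListenAnyIP(44357, listen =>
                        listen.UseHttps(
                            StoreName.My,                // Cert:\LocalMachine\My
                            "localhost",                 // subject from -DnsName (assumed)
                            false,                       // allowInvalid: keep false when the
                                                         // cert chains to a trusted root; an
                                                         // untrusted self-signed cert needs true
                            StoreLocation.LocalMachine));
                });
                web.UseStartup<Startup>();
            })
            .Build()
            .Run();
}

// Hypothetical stand-in for the application's real Startup class.
public class Startup
{
    public void Configure(IApplicationBuilder app) =>
        app.Run(ctx => ctx.Response.WriteAsync("ok"));
}
```

The account the application runs under needs read access to the certificate's private key in the LocalMachine store. The `netsh http add sslcert` binding configures HTTP.sys, which Kestrel does not consult.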
