1

I used the following PowerShell command sequence to generate, install and use a self-signed SSL certificate:

$cert = New-SelfSignedCertificate -DnsName @("localhost") -CertStoreLocation "cert:\LocalMachine\My"

$certKeyPath = "c:\certs\contoso.com.pfx"
$password = ConvertTo-SecureString 'password' -AsPlainText -Force
$cert | Export-PfxCertificate -FilePath $certKeyPath -Password $password
$rootCert = $(Import-PfxCertificate -FilePath $certKeyPath -CertStoreLocation 'Cert:\LocalMachine\Root' -Password $password)

netsh http add sslcert ipport=0.0.0.0:44357 appid={12345678-db90-4b66-8b01-88f7af2e36bf} certhash=55c6f3cc7464060043cd1b738b93c3ad82caaa43

Every command has finished successfully.

But when I start the ASP.NET Core 3.1 application, it still considers that it hasn't any certificate.

Microsoft.AspNetCore.Server.Kestrel[0] Unable to start Kestrel. System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date. To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.

Unfortunately dotnet dev-certs https and dotnet dev-certs https --trust require that .NET Core SDK is installed, but it shouldn't be there! This is a production server!

11
  • Is there a specific reason you want to use Kestrel directly instead of a reverse proxy like Nginx? Commented Mar 3, 2022 at 19:43
  • MaartenDev, there is no special reason for that. It just already runs on a development machine and I want to simplify my life while copying the whole to the production environment. Otherwise comes another guy who knows another server and then I have to learn that too :) Commented Mar 3, 2022 at 19:45
  • I don't want to delete my comment. This is a really broad question and my question tries to narrow down your reasoning behind this question. Tagging users is not needed, users are automatically notified if they place a comment on a question. Commented Mar 3, 2022 at 20:22
  • How are you starting the application in the production environment? Commented Mar 3, 2022 at 20:23
  • Temporarily as a normal console app. Further it should be started as a Windows service. I am using configuration parameters from appsettings.json, not from command line. Commented Mar 3, 2022 at 20:26

2 Answers

2

You can configure the certificates in appsettings.json. I think the Certificates.Default property would work for your case. You would need to set AllowInvalid to true to be able to use self-signed certificates.

Example setup appsettings.json:

{
  "Kestrel": {
    "Endpoints": {
      "Http": {
        "Url": "http://localhost:5000"
      },
      "HttpsDefaultCert": {
        "Url": "https://localhost:5004"
      }
    },
    "Certificates": {
      "Default": {
        "Path": "<path to .pfx file>",
        "Password": "$CREDENTIAL_PLACEHOLDER$",
        "AllowInvalid": "true"
      }
    }
  }
}

More examples and explanation can be found at the Microsoft Docs.


6 Comments

I have tested it - it leads to the same error as using UseUrls and UseSoapEndpoint. It doesn't matter whether I configure it directly in code or in Kestrel settings in appsettings.json. And I do not like to store certificate password as a plain text. My idea was that Windows certificate store already has a certificate for localhost. I thought, UseSoapEndpoint case would use it, but something is going wrong.
You can point it to the user certificate store: learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/…. Are you sure that you are accessing https://localhost:5004?
Changes to appsettings.json only apply when you use dotnet run or debug in Visual Studio. So this answer won't help on a production server with .NET SDK.
Lex Li: I tested in production environment, and settings from appsettings.json ARE accepted. Maybe you are confusing it with launchSettings.json.
MaartenDev: What do you mean with "am I accessing?" It doesn't come to access. Application crashes immediately at start when using HTTPS. It runs on development machine where development certificate is installed.
-1

If your intention is to manage certificates on your own (without following Microsoft's default resolution mechanism), explicitly ask Kestrel to use your certificate via a suitable function from ListenOptions.UseHttps,

https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/endpoints?view=aspnetcore-6.0#listenoptionsusehttps

Most common one is UseHttps(StoreName storeName, string subject, bool allowInvalid, StoreLocation location).

Changes to appsettings.json only apply when you use dotnet run or debug in Visual Studio.
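
The approach this answer describes, taking the certificate from the Windows certificate store so that no .pfx password has to sit in configuration, as an added example that is not part of the original answer. It assumes ASP.NET Core 3.1 and the application's existing Startup class, and reuses the LocalMachine\My store, the "localhost" name and port 44357 from the question; LoadServerCertificate is a hypothetical helper.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Hosting;

public static class Program
{
    // Hypothetical helper: pick a certificate from LocalMachine\My that is
    // inside its validity period and has an associated private key.
    static X509Certificate2 LoadServerCertificate(string subjectName)
    {
        using var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);

        // validOnly: false so that chain trust is not part of the lookup;
        // date and private-key checks are done explicitly below.
        var matches = store.Certificates.Find(
            X509FindType.FindBySubjectName, subjectName, validOnly: false);

        var now = DateTime.Now; // NotBefore/NotAfter are reported in local time
        foreach (var cert in matches)
        {
            if (cert.HasPrivateKey && now >= cert.NotBefore && now <= cert.NotAfter)
                return cert;
        }

        // Fail at startup with a precise reason instead of Kestrel's generic
        // "No server certificate was specified" error.
        throw new InvalidOperationException(
            $"No current certificate with a private key for '{subjectName}' in LocalMachine\\My.");
    }

    public static void Main(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(web =>
            {
                web.UseStartup<Startup>(); // assumption: the app's existing Startup class
                // Kestrel is given the certificate explicitly; it does not read
                // netsh http sslcert bindings, which belong to HTTP.sys.
                web.ConfigureKestrel(kestrel =>
                    kestrel.Listen(IPAddress.Any, 44357, listen =>
                        listen.UseHttps(LoadServerCertificate("localhost"))));
            })
            .Build()
            .Run();
}
```

HasPrivateKey only shows that a key is associated with the certificate; the account the application or Windows service runs under also needs read permission on that private key.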
