0

I've created a WebAPI .Net 5 App which listens on an HTTPS port 8286. When I run it in Visual Studio everything is good.

Once I do "Publish" and try to run it on our Windows Server 2012, I get an "Unable to start Kestrel. System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date. To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'..." error.

I have an SSL certificate installed on the server. It works with IIS and with a .NET 4.8 WebAPI self-hosted OWIN app.

Using netsh http show sslcert I can see the certificate is bound.

Here is my CreateHostBuilder function:

public static IHostBuilder CreateHostBuilder(string[] args)
{
    Console.WriteLine("USE URLS: https://*:8286/");
    return Host.CreateDefaultBuilder(args)
        .ConfigureWebHostDefaults(webBuilder =>
        {
            webBuilder.UseStartup<Startup>();
            webBuilder.UseUrls("https://*:8286/");
        });
}
  • The error is pretty clear. This has nothing to do with Windows Server. You can't use SSL with an invalid certificate, and a self-signed certificate is invalid by definition. The error describes how to generate and trust a self-signed certificate. Commented Jul 14, 2021 at 11:28
  • Are you using IIS? Kestrel? NGINX? Adding and configuring the certificate is different in each case. Even if you trust the development certificate browsers and other servers won't trust it. Commented Jul 14, 2021 at 11:36
  • 1
    If the service doesn't use IIS at all, it has to load and use the certificate in Startup.cs. The article Configure endpoints for the ASP.NET Core Kestrel web server shows how to specify the certificate either through settings, by providing the path to the pfx file and password, or in code, by loading and using an X509Certificate2 instance. Commented Jul 14, 2021 at 11:53
  • 1
    In a similar case I chose to host all separate services as separate IIS web apps because IIS is more secure and easier to manage than Kestrel. If something goes wrong, IIS will restart the web app while using Kestrel would result in a crash. I have a hosted Blazor WASM application with several other services that I don't want in the host app itself, e.g. file converters, job schedulers etc. Commented Jul 14, 2021 at 12:03
  • 1
    If you use Docker or Kubernetes on the other hand, recycling, resiliency etc are handled by the orchestrator so if one service crashes, the orchestrator will restart it. In that case Kestrel is just fine. You may not even need HTTPS everywhere as Kubernetes essentially creates a "private network" between services and allows only a "gateway" to be accessed from the outside. Of course, setting up Kubernetes is a whole different can of worms ... Commented Jul 14, 2021 at 12:09

1 Answer

0

Okay, so here is the solution when running the app from the command line (which uses the Kestrel server).

You need to add the following section to your appsettings.json:

"Kestrel": {
  "Endpoints": {
    "Http": {
      "Url": "http://*:1111"
    },
    "Https": {
      "Url": "https://*:2222",
      "Certificate": {
        "Path": "my_ssl.pfx",
        "Password": "my_password"
      }
    }
  }
}

Obviously for this to work you will need the pfx file. This will work even if you deploy to Linux.

BTW, if you add this to appsettings.json, it will override the ports in launchSettings.json when running from inside Visual Studio.
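
An alternative to keeping a .pfx file and its password in appsettings.json, given that the question's certificate is already installed on the server: load it from the Windows certificate store in code, as the comment about using an X509Certificate2 instance suggests. This is an added example, not code from the question or the answer; the setting name HttpsCertificateThumbprint and the helper LoadFromMachineStore are assumptions, and Startup is the question's own class.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Hosting;

public static class Program
{
    public static void Main(string[] args) => CreateHostBuilder(args).Build().Run();

    public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(webBuilder =>
            {
                webBuilder.UseStartup<Startup>(); // Startup is the project's existing class
                webBuilder.ConfigureKestrel((context, options) =>
                {
                    // Assumed setting name: holds only the thumbprint, no secret.
                    string thumbprint = context.Configuration["HttpsCertificateThumbprint"];
                    X509Certificate2 cert = LoadFromMachineStore(thumbprint);
                    // Replaces UseUrls("https://*:8286/"): listen on 8286, all interfaces.
                    options.ListenAnyIP(8286, listen => listen.UseHttps(cert));
                });
            });

    // Hypothetical helper: finds the certificate in LocalMachine\My by thumbprint.
    private static X509Certificate2 LoadFromMachineStore(string thumbprint)
    {
        if (string.IsNullOrWhiteSpace(thumbprint))
            throw new InvalidOperationException("HttpsCertificateThumbprint is not configured.");

        // Thumbprints copied from the certificate dialog often contain spaces.
        string normalized = thumbprint.Replace(" ", "").ToUpperInvariant();

        using var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        // validOnly: true skips expired, revoked or untrusted certificates.
        X509Certificate2Collection matches =
            store.Certificates.Find(X509FindType.FindByThumbprint, normalized, validOnly: true);

        if (matches.Count == 0)
            throw new InvalidOperationException("No valid certificate with that thumbprint in LocalMachine\\My.");
        if (!matches[0].HasPrivateKey)
            throw new InvalidOperationException("The certificate has no associated private key.");
        return matches[0];
    }
}
```

The account the app runs under needs read access to the certificate's private key, otherwise the TLS handshake fails even though the certificate is found.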
