11

On an ASP.NET Core 2.1 I application appSettings file I have the following:

"Kestrel": {
  "Certificates": {
    "Default": {
      "Path": "localhost.pfx",
      "Password": "1234"
    }
  }
}

I created the certificate using the dotnet command:

dotnet dev-certs https -ep "localhost.pfx" -p 1234

And I copied the localhost.pfx file to the project root along the appSettings file.

When I run the project on http://localhost:5000 it is redirected to https://localhost:5001.

However, I receive the browser error saying the connection is not safe and asking me to add an exception.

What am I doing wrong?

Improve this question
4
  • What browser are you using? Commented Sep 13, 2018 at 17:16
  • 1
    I tried Firefox and Google Chrome Commented Sep 13, 2018 at 17:21
  • 1
    Have you tried with the --trust flag in the dev-certs command? dotnet dev-certs https -ep "localhost.pfx" -p 1234 --trust. Commented Sep 13, 2018 at 17:23
  • 1
    In order to actually be trusted, the self-signed cert has to be added to the trust cert store in Windows (which is what the --trust argument achieves), but you can also just do so manually. However, this only affects browsers that rely on the Windows trusted certificate store, which as far as I'm aware is only IE, Edge, and Chrome. Firefox, in particular, does not, so you still have to add a manual exception in Firefox. Commented Sep 13, 2018 at 17:34

1 Answer 1

Reset to default
18

Short Answer

Include the --trust option. 

dotnet dev-certs https -ep "localhost.pfx" -p 1234 --trust

That creates a certificate that will work with these appsettings.json:

"Kestrel": {
  "Certificates": {
    "Default": {
      "Path": "localhost.pfx",
      "Password": "12345"
    }
  }
}

Notes

If you need to recreate the certificate, clean the certificate store first. 

dotnet dev-certs https --clean

The --trust option will work right away with Chrome; with Firefox, though, we will still need to add a security exception.

Using --trust means that we no longer need to add the "Kestrel" section to the appsettings.json file.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

With the option you suggest is still necessary to add the certificate to project path and add the kestrel part to the settings? I am asking this because I thought that using a local certificate file, e.g. on Project root, than adding it to the store would not be necessary.
No. With the --trust flag, it isn't necessary to add the custom kestrel settings to appsettings.json.
What about SSL for production using a NON-self signed certificate?
@Wes I suggest opening another StackOverflow question for that.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.