
Can't find self-signed trusted certificate used by Kestrel

I have a very basic self-hosted .NET Core 2.1 application with the following configuration:

using System.IO;
using Microsoft.AspNetCore.Hosting;

public class Program
{
    public static void Main(string[] args)
    {
        var host = new WebHostBuilder()
             .UseKestrel()
             .UseContentRoot(Directory.GetCurrentDirectory())
             .UseStartup<Startup>()
             .Build();

        host.Run();
    }
}

and very typical simple controller as follows:

    using System.Collections.Generic;
    using Microsoft.AspNetCore.Mvc;

    [Route("api/[controller]")]
    [ApiController]
    public class ValuesController : ControllerBase
    {
        // GET api/values
        [HttpGet]
        public ActionResult<IEnumerable<string>> Get()
        {
            return new string[] { "value1", "value2" };
        }

        // GET api/values/5
        [HttpGet("{id}")]
        public ActionResult<string> Get(int id)
        {
            return "value";
        }

        // POST api/values
        [HttpPost]
        public void Post([FromBody] string value)
        {
        }

        // PUT api/values/5
        [HttpPut("{id}")]
        public void Put(int id, [FromBody] string value)
        {
        }

        // DELETE api/values/5
        [HttpDelete("{id}")]
        public void Delete(int id)
        {
        }
    }

This application works pretty fine when I test it and navigate to my HTTPS local endpoint port (44325 in my case):

https://localhost:44325/api/values


All good so far. Now I want to figure out where the certificate for this HTTPS connection is coming from since I am not using IIS Express and indeed the certificate doesn't belong to IIS Express.

I can't find the above certificate in my certificate store when I search for its thumbprint. How does this certificate get generated? Where can I find it? Why does this certificate work in Edge and Chrome but in Firefox it's not trusted? Is it generated on the fly?

My launch setting is as follows:

{
  "$schema": "http://json.schemastore.org/launchsettings.json",
  "iisSettings": {
    "windowsAuthentication": false, 
    "anonymousAuthentication": true, 
    "iisExpress": {
      "applicationUrl": "http://localhost:55894",
      "sslPort": 44325
    }
  },
  "profiles": {
    "IIS Express": {
      "commandName": "IISExpress",
      "launchBrowser": true,
      "launchUrl": "api/values",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    },
    "Experimental1": {
      "commandName": "Project",
      "launchBrowser": true,
      "launchUrl": "api/values",
      "applicationUrl": "https://localhost:44325;http://localhost:55894",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    }
  }
}

I am using the Experimental1 profile not the IIS Express and I see my little console when I run the application.

MHOOS asked Jul 10 '18 13:07


1 Answer

How does this certificate get generated?

The .NET Core SDK generates the certificate the first time we run dotnet new.

See https://blogs.msdn.microsoft.com/webdev/2018/02/27/asp-net-core-2-1-https-improvements/

Where can I find it?

The SDK installs the ASP.NET Core HTTPS Development Certificate into the local user certificate store.

  • Open the Certificates Snap-in in the MMC.
  • Certificates - Current User
  • Find Certificates
  • Search for localhost


Why does this certificate work in Edge and Chrome but in Firefox it's not trusted?

Indeed. Even after running dotnet dev-certs https --trust, Firefox does not trust the certificate and complains that, "The certificate is not trusted because it is self-signed."

It might simply be that Firefox no longer trusts self-signed certificates. My workaround is to add a security exception.


Shaun Luttin answered Oct 24 '22 06:10
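
The store search described in the answer above can also be done from a PowerShell prompt instead of the MMC snap-in. This is an added example, not part of the original answer; the function name `Find-DevCertificate` and its `-Thumbprint` parameter are hypothetical, and it assumes Windows with the built-in `Cert:` drive.

```powershell
# Added example: locate the ASP.NET Core HTTPS development certificate in the Windows stores.
param(
    # Optional: thumbprint copied from the browser's certificate dialog (empty = search by subject/OID).
    [string]$Thumbprint = ''
)

# OID extension the .NET SDK places on its HTTPS development certificate.
$DevCertOid = '1.3.6.1.4.1.311.84.1.1'

function Find-DevCertificate {
    param([string]$Thumbprint)

    # Browser dialogs show thumbprints with spaces or colons, and copying can pick up
    # invisible characters; the store compares against bare uppercase hex.
    $wanted = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    Get-ChildItem -Path Cert:\CurrentUser, Cert:\LocalMachine -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        ForEach-Object {
            $cert  = $_
            $isDev = [bool]($cert.Extensions | Where-Object { $_.Oid.Value -eq $DevCertOid })
            $match = if ($wanted) { $cert.Thumbprint -eq $wanted }
                     else { $isDev -or $cert.Subject -eq 'CN=localhost' }
            if ($match) {
                [pscustomobject]@{
                    Store         = $cert.PSParentPath -replace '^.*::', ''   # e.g. CurrentUser\My
                    Thumbprint    = $cert.Thumbprint
                    Subject       = $cert.Subject
                    SelfSigned    = ($cert.Subject -eq $cert.Issuer)
                    IsDevCert     = $isDev
                    HasPrivateKey = $cert.HasPrivateKey
                    NotAfter      = $cert.NotAfter
                }
            }
        }
}

$found = @(Find-DevCertificate -Thumbprint $Thumbprint)
$found | Sort-Object Thumbprint, Store | Format-Table -AutoSize

# The copy with the private key (...\My) is what the server presents; a second copy in a
# ...\Root store is what lets clients that use the Windows certificate store trust it.
$found | Group-Object Thumbprint | ForEach-Object {
    $roots = @($_.Group.Store) -match '\\Root$'
    '{0}: trusted-root copy {1}' -f $_.Name, $(if ($roots) { 'in ' + ($roots -join ', ') } else { 'missing' })
}
```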