Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

dotnet dev-certs certificate not trusted

I am working through Adam Freeman's book "Pro ASP.Net Core 3". I have gotten to the introduction to https. He instructs us to use Powershell and run these commands in this order

dotnet dev-certs https --clean
dotnet dev-certs https --trust

When I run the clean command, I get a message saying

"HTTPS development certificates successfully removed from the machine."

But when I run the trust command, I get:

"A valid HTTPS certificate with a key accessible across security partitions was not found. The following command will run to fix it: 'sudo security set-key-partition-list -D localhost -S unsigned:,teamid:UBF8T346G9' This command will make the certificate key accessible across security partitions and might prompt you for your password. For more information see: https://aka.ms/aspnetcore/2.1/troubleshootcertissues

A valid HTTPS certificate with a key accessible across security partitions was not found. The following command will run to fix it: 'sudo security set-key-partition-list -D localhost -S unsigned:,teamid:UBF8T346G9' This command will make the certificate key accessible across security partitions and might prompt you for your password. For more information see: https://aka.ms/aspnetcore/3.1/troubleshootcertissues

Trusting the HTTPS development certificate was requested. A confirmation prompt will be displayed if the certificate was not previously trusted. Click yes on the prompt to trust the certificate. There was an error trusting HTTPS developer certificate."

I tried

  • running dotnet dev-certs https results in "A valid HTTPS certificate is already present."
  • running powershell as administrator. But I got the same errors. The book says I may get a couple of dialog boxes, but I did not get them.
  • dotnet --version gives me 3.1.200.

What do I have to do to get the certificate to work?

like image 843
ROBERT RICHARDSON Avatar asked Sep 22 '20 20:09

ROBERT RICHARDSON


People also ask

What is dotnet dev certs?

The dotnet dev-certs command manages a self-signed certificate to enable HTTPS use in local web app development. Its main functions are: Generating a certificate for use with HTTPS endpoints during development. Trusting the generated certificate on the local machine.

What is configure for HTTPS?

To configure an HTTPS server, the ssl parameter must be enabled on listening sockets in the server block, and the locations of the server certificate and private key files should be specified: server { listen 443 ssl; server_name www.example.com; ssl_certificate www. example.com.


2 Answers

Ok...I found a MAC super hint at the github link below.

(It ~might translate to the PC side...but I cannot test that)

https://github.com/dotnet/sdk/issues/10422

Encountered the same issue on macOS. As a solution, in the keychain, remove the old localhost certificate under 'System' and recreate it via the dotnet commands described in the docs. It will be placed under 'login'.

So to better describe the above quote, I've added a screen shot here (image below with the magenta/fuchsia/pinkish circles), to provide a "here is where it is on the Mac".....of what the text above describes..

So my steps were:

dotnet dev-certs https --clean

dotnet dev-certs https --check

// (DO THE MANUAL keychain-old-localhost removal NOW (image below) 
// (before running the below terminal commands)

dotnet dev-certs https --check

dotnet dev-certs https 

dotnet dev-certs https --trust

enter image description here

like image 169
granadaCoder Avatar answered Oct 10 '22 23:10

granadaCoder


What do I have to do to get the certificate to work?

For some reason, dotnet CLI might throw exception while we use dotnet dev-certs https --trust command to trust the HTTPS development certificate.

As a workaround, we can try following steps to manually trust the certificate.

  1. Run dotnet dev-certs https command to generate a HTTPS certificate (if you do not generate it)

  2. Copy the certificate with the ASP.NET Core HTTPS development certificate friendly name by copying from Current User > Personal > Certificates into Current User > Trusted root certification authorities > Certificates within the certificate manager UI, like below.

    enter image description here

like image 36
Fei Han Avatar answered Oct 11 '22 01:10

Fei Han