Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Exporting https certificate fails with 'dotnet dev-certs' tool

Tags:

dotnet-dev-certs

I am trying to use the 'dotnet dev-certs' tool to export an https certificate to include with a Docker image. Right now I am using:

dotnet dev-certs https -v -ep $(HOME)\.aspnet\https -p <password>

and I get the error:

Exporting the certificate including the private key.
Writing exported certificate to path 'xxx\.aspnet\https'.
Failed writing the certificate to the target path
Exception message: Access to the path 'xxx\.aspnet\https' is denied.
An error ocurred exporting the certificate.
Exception message: Access to the path 'xxx\.aspnet\https' is denied.
There was an error exporting HTTPS developer certificate to a file.

The problem I see is that no matter what path I supply to export the certificate to I get the same 'Access to the path is denied' error. What am I missing? I know this command has been suggested in numerous places. But I cannot seem to get it to work.

Thank you.

like image 227
Kevin Burton Avatar asked Jan 31 '20 21:01

Kevin Burton

People also ask

How do I generate a DotNet developer certificate?

To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'. I tried to follow the recommendation in the error to run dotnet dev-certs https but it failed saying a certificate already exists:

Can DotNet Dev-Certs https--Trust-v Trust the certificate?

Both fail. dotnet dev-certs https --trust -v Trusting the HTTPS development certificate was requested. A confirmation prompt will be displayed if the certificate was not previously trusted. Click yes on the prompt to trust the certificate.

How to install HTTPS certificate in ASP NET Core?

Copy the certificate with the ASP.NET Core HTTPS development certificate friendly name by copying from Current User > Personal > Certificates into Current User > Trusted root certification authorities > Certificates within the certificate manager UI, like below.

How do I validate that the certificate will load?

You can then validate that the certificate will load using an example such as an ASP.NET Core app hosted in a container. In the sample, you can utilize either .NET Core 3.1 or .NET 5. For dotnet dev-certs, be sure to have the appropriate version of .NET installed:

2 Answers

The export path should specify a file, not a directory. This fixed the issue for me on Mac:

dotnet dev-certs https -v -ep ${HOME}/.aspnet/https/aspnetapp.pfx -p <password>

like image 115
Daniel B Avatar answered Oct 19 '22 04:10

Daniel B

For Ubuntu users:

  1. install libnss3-tools:

    sudo apt-get update -y

    sudo apt-get install -y libnss3-tools

  2. create or verify if the folder below exists on machine:

    $HOME/.pki/nssdb

  3. export the certificate:

    dotnet dev-certs https -v -ep ${HOME}/.aspnet/https/aspnetapp.pfx

  4. Run the following commands:

    certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n localhost -i /home/<REPLACE_WITH_YOUR_USER>/.aspnet/https/aspnetapp.pfx

    certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n localhost -i /home/<REPLACE_WITH_YOUR_USER>/.aspnet/https/aspnetapp.pfx

  5. exit and restart the browser

Source: https://docs.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-5.0&tabs=visual-studio#ssl-linux

like image 36
Realdinho Avatar answered Oct 19 '22 04:10

Realdinho
Sign in to Comment

Related questions

How to Install dotnet dev-certs certificate on a CI Server

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!