How do you install a dev certificate in a windows docker container and windows host running .net Core templates?

Question

I have used the Visual Studio templates to add Docker support and the user secrets has the password for the certificate and the user secrets and certificate are mounted as volumes in docker-compose.override.yml:

volumes:
      - ${APPDATA}/ASP.NET/Https:C:\Users\ContainerUser\AppData\Roaming\ASP.NET\Https:ro
      - ${APPDATA}/Microsoft/UserSecrets:C:\Users\ContainerUser\AppData\Roaming\Microsoft\UserSecrets:ro

I even connected to the container to verify the certicate was in the Https folder. It is not being installed for some reason. Running the app throws an error that the dev certificate doesn't exist in the certificate store. How am I supposed to install it? Is there a setting that I need so that it installs automatically in the container?

Exact error message:

System.InvalidOperationException: 'Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found.

I could follow the error instructions to create the cert and add it in the container myself with:

dotnet dev-certs https
dotnet dev-certs https --trust

However the .net sdk is not installed in the final container, just the .net core runtime.

Answer 1

Not sure if this helps anyone but I was having this issue recently and found a way to correct the issue in my situation. It's not a permanent fix but just so I can develop locally for now.

In the docker-compose.override.yml file I changed the ASPNETCORE_ENVIRONMENT from Production to Development.

When I post to live, I will just need to remember to restore this.

Note: I am new to docker so take it easy on me. Feel free to edit this answer anyone to improve.

Answer 2

Note that if I enable tracing using my appsettings.Development.json:

      "Logging": {
        "LogLevel": {
          "Default": "Trace",
          "System": "Trace",
          "Microsoft": "Trace"
        }
      }

I see the error below shown if I start running my sample app without a certificate having the same name as my project mounted in the guest container:

    root@7afc71f877ce:/app# dotnet helloworld.dll
    dbug: Microsoft.Extensions.Hosting.Internal.Host[1]
          Hosting starting
    dbug: Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer[2]
          Failed to locate the development https certificate at '/root/.aspnet/https/helloworld.pfx'.
    dbug: Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer[1]
          Unable to locate an appropriate development https certificate.
    crit: Microsoft.AspNetCore.Server.Kestrel[0]
          Unable to start Kestrel.
    System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
    To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.

Hope it helps.