https using manual ssl cert with kestrel useHttps

Question

I'm trying to set up a simple API using https with .Net web API.

public class Program
{
    public static void Main(string[] args)
    {
        BuildWebHost(args).Run();
    }

    public static IWebHost BuildWebHost(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
            .UseStartup<Startup>()
            .UseKestrel(options =>
            {
                string key = {{private.key}} //is this the password it wants?
                options.Listen(IPAddress.Any, 50790);
                options.Listen(IPAddress.Any, 40354, listenOptions =>
                {
                    listenOptions.UseHttps("certificate.crt", key);
                });
            })
            .Build();

}

//{{private.key}} is the private key in a string.

Using this works fine while starting and connecting with http but as soon as I try https I get huge errors and no response is sent to the client.

Got a cert from lets encrypt: ca_bundle.crt, certificate.crt and private.key.

This is the error I get when I try to connect using https:

fail: Microsoft.AspNetCore.Server.Kestrel[0] Uncaught exception from the OnConnectionAsync method of an IConnectionAdapter. System.NotSupportedException: The server mode SSL must use a certificate with the associated private key. at System.Net.Security.SecureChannel.AcquireServerCredentials(Byte[]& thumbPrint) at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output) at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)

How can I get this working?

Answer 1

The problem is the certificate.

You need to have a certificate with the associated private key in one file to get this to work.

So do what jdehlin says here and created a pfx file with both the cert and key.

When you do that you get asked to set a password for the pfx file and that is what you put in the password field and then you just link your pfx file instead of the crt file.