On Windows, for .NET Framework classes we can specify sslkeyrepository as *SYSTEM/*USER. On Linux, where do the .NET Core classes search for the certificates by default, and what could be the values for sslkeyrepository?
The default location to install certificates is /etc/ssl/certs. This enables multiple services to use the same certificate without overly complicated file permissions. For applications that can be configured to use a CA certificate, you should also copy the /etc/ssl/certs/cacert.
For example, on Amazon Linux instances (based on RHEL 5.x and parts of RHEL6, and compatible with CentOS), the certificates are stored in /etc/pki/tls/certs and the keys are stored in /etc/pki/tls/private. The CA certificates have their own directory, /etc/pki/CA/certs and /etc/pki/CA/private.
Solution. Google Chrome uses the built-in certificate store of the operating system it is installed in. On Linux, it uses the NSS Shared DB that is located in the hidden $HOME/.pki folder.
.NET Core uses OpenSSL on Linux; as a result, you need to set up your Linux environment in the container so that OpenSSL will pick up the certificate.
You can do this in two ways:
Copying the certificate .crt file to a location that update-ca-certificates will scan for trusted certificates, e.g. /usr/local/share/ca-certificates/ or, on RHEL, /etc/pki/ca-trust/source/anchors/:
COPY myca.crt /usr/local/share/ca-certificates/
Invoking update-ca-certificates:
RUN update-ca-certificates
For Linux and Mac, .NET Core will use OpenSSL.
Command to generate a private key and a certificate signing request:
openssl req -config https.config -new -out csr.pem
Command to create a self-signed certificate:
openssl x509 -req -days 365 -extfile https.config -extensions v3_req -in csr.pem -signkey key.pem -out https.crt
Command to generate a pfx file containing the certificate and the private key that you can use with Kestrel:
openssl pkcs12 -export -out https.pfx -inkey key.pem -in https.crt -password pass:<password>
After that, trust the certificate.
This step is optional, but without it the browser will warn you about your site being potentially unsafe. You will see something like the following if your browser doesn't trust your certificate:
There is no centralized way of trusting a certificate on Linux, so you can do one of the following:
Exclude the URL you are using in your browser's exclude list
Trust all self-signed certificates on localhost
Add the https.crt to the list of trusted certificates in your browser.
How exactly to achieve this depends on your browser/distro.
You can also reference the complete Kestrel HTTPS sample app or follow this blog: Configuring HTTPS in ASP.NET Core across different platforms.
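The three openssl commands from the answer above, run end to end and then checked, as an added example that is not part of the original answer. The contents of https.config, the function names and the PFX_PASSWORD variable are assumptions made here, since the page does not show the config file.

```sh
#!/bin/sh
# Added example: development-only self-signed certificate for Kestrel, with checks.
# Usage: PFX_PASSWORD=... ; export PFX_PASSWORD
#        make_dev_cert ./certs && check_dev_cert ./certs

make_dev_cert() {  # $1 = output directory; PFX_PASSWORD must be exported
  ( umask 077      # key.pem and https.pfx end up readable by the owner only
    mkdir -p "$1" && cd "$1" || exit 1
    # Assumed https.config: the page references this file but does not show it.
    cat > https.config <<'EOF'
[req]
default_bits       = 2048
default_keyfile    = key.pem
encrypt_key        = no
prompt             = no
distinguished_name = dn
req_extensions     = v3_req
[dn]
CN = localhost
[v3_req]
subjectAltName   = DNS:localhost
keyUsage         = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
basicConstraints = critical, CA:false
EOF
    openssl req -config https.config -new -out csr.pem &&
    openssl x509 -req -days 365 -extfile https.config -extensions v3_req \
      -in csr.pem -signkey key.pem -out https.crt &&
    # env: keeps the password out of the process list, unlike pass:<password>
    openssl pkcs12 -export -out https.pfx -inkey key.pem -in https.crt \
      -passout env:PFX_PASSWORD
  )
}

check_dev_cert() {  # $1 = directory; returns 0 only if every check passes
  ( cd "$1" || exit 1
    cert_pub=$(openssl x509 -in https.crt -noout -pubkey) || exit 1
    key_pub=$(openssl pkey -in key.pem -pubout) || exit 1
    [ "$cert_pub" = "$key_pub" ] || exit 1          # private key matches the cert
    # The SAN must name the host, or clients reject the certificate.
    openssl x509 -in https.crt -noout -text | grep -q 'DNS:localhost' || exit 1
    openssl x509 -in https.crt -noout -checkend 0 >/dev/null || exit 1  # not expired
    # The pfx must open with the expected password (MAC check).
    openssl pkcs12 -in https.pfx -noout -passin env:PFX_PASSWORD
  )
}
```
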