asp.net core web api local https problems - asp.net-core

I can not use HTTPS with my web api so I tried running this command:
dotnet dev-certs https --trust
But I got this error :
Trusting the HTTPS development certificate was requested. A confirmation prompt will be displayed if the certificate was not previously trusted. Click yes on the prompt to trust the certificate.
There was an error trusting HTTPS developer certificate.
I also tried to clean and create a new one
dotnet dev-certs https -v
The HTTPS developer certificate was generated successfully.
But still facing the same issue.
I can not see localhost certificate in CurrentUser\Personal\Certificates

Sometimes this happens if you have multiple Certificates.
Execute certmgr.msc in Run
Clear all localhost certificates
On the commandline execute dotnet dev-certs https -t
You can check the certificate with dotnet dev-certs https --check. if this command returned nothing, every thing is OK.
run your application using dotnet run

Related

Getting successfully a token from IdServer but with certificate error

I have created a trusted certificate as follows (cleaning up potential pre-junk). During that, I got the popups telling my that a gang of crazy donkeys can do evil things if this is a root cert. The last comamnd confirms that I have a working certificate. I even ran the commands twice to verify that cleaning would produce a warning too, which it did, just as expected.
dotnet dev-certs https --clean
dotnet dev-certs https --trust
dotnet dev-certs https --verbose
I haven't imported any PFX-files as my understanding is that working in development towards a localhost instance doesn't require that. That seems to be confirmed by the information in the console letting my know that the certificate is generated properly. Running dotnet dev-certs http --check produces no warnings (no confirmation neither, it's no content in the result).
The HTTPS developer certificate was generated successfully.
A valid HTTPS certificate is already present.
Then I executed a call to my token dispencer endpoint getting a reply as expected too. It comes back from a secure HTTPS on localhost:5001/connect/token and containes all the vital parts.
{
"access_token": "eyJhbGciO...Ow7EEkA",
"expires_in": 3600,
"token_type": "Bearer",
"scope": "myapi.read"
}
What bothers me is the warning with red icon and the text Unable to verify the first certificate.
I've made sure to disable SSL checking and turned off CA Certificated (althoug I haven't added any Client Certificates in that menu. Googling gives me a bunch of hits on problems related to Ubuntu and/or MacOs but I'm based on a good old Win10 so those turned out irrelevant.
Have I misunderstood the approach all together or, possibly, confused some of the concepts? If not, what can I do to trouble-shoot it further?
I dig in to this a little.
dotnet dev-certs https --trust command just creates/makes sure a new localhost certificate (with friend name ASP.NET Core HTTPS development certificate) and puts it into the trust root store.
IIS Express server however won't use it automatically. It still uses the certificate (friend name is localhost) that is created when you run the APS.NET Core web app for the first time. If this certificate is removed from trust root store you will get the cert error.
You have a few options to address this issue.
Reset the IIS Express cert.
Switch the cert IISExpress use to the one you just created, you can retrieve it using the PowerShell command below and following this link.
Get-ChildItem -path cert:\currentUser\My | Select-Object FriendlyName, subject, Thumbprint

How can I use new HTTPS localhost certificate

I have a problem with HTTPS when I am running (dotnet run) my .NetCore application locally on Windows.
It was working till my localhost certificate expired…
I clean up old certificates and generated the new one by
dotnet dev-certs https –clean
dotnet dev-certs https –trust
I’ve verified that everything was added to certmgr (Personal and Trusted certs), but I have the same problem.
It is keep trying to use old certificate which expired.
I do not know why it is trying to use old “localhost” certificate after clean up certs…
Do you have any idea what should I do?.
Thank you,
Błażej
If not helps recreate cert by commands:
dotnet dev-certs https ––clean
dotnet dev-certs https ––trust
Clean all private keys from folder:
C:\Users\{User}\AppData\Roaming\ASP.NET\Https
You need to use two hyphens. The flag is -t or --trust, not –trust so the following should work:
dotnet dev-certs https --trust
You can also run the help command to see more info
dotnet dev-certs https --help
See Also: How to run dotnet dev-certs https --trust?

Firefox can find certificate, but curl cannot (while tunneling https through ssh)

Background:
I have a running app at ports 8080 in the remote server and a https ingress proxy at 443 on the same server, which redirects everything to 8080 app after handling the SSL.
What I want to do:
I want to communicate with the app through SSL remotely, while not having access directly to this domain (it is on a local network, I can access the server remotely via a different domain).
What I did:
I tunneled 443 port from my remote server ssh -L 3001:0.0.0.0:443 user#example.com. I then added 127.0.0.1 example.com to my /etc/hosts to make sure that the domain on my system is resolved properly.
Now, what I can do is enter https://example.com:3001/some/thing/ in firefox and it gets me a proper response from the server, while everything is ran through ssl without any problems. I also am able to use curl without checking the certificate: curl --insecure https://example.com:3001/some/thing works fine.
At the same time secure curl call fails: curl https://example.com:3001/some/thing with the error:
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
Just to make sure both are using the same certificates, I actually used this tool: https://curl.haxx.se/docs/mk-ca-bundle.html to create a ca-bundle.crt from the most recent firefox certificates and passed it to curl with --cacert ca-bundle.crt. No luck - the same error. (I also tried following other curl tutorial on getting the local installation of firefox's certs, also no luck).
Question
What is going on? Why is curl's output different from firefox's even if I seem to use the same certificates? How can I debug this?
Side note
The real reason I am concerned about it is that with a normal (local) access to the server, I observed the same behaviour: I could connect to the server through chrome on https, but my react native app could not. I suspect the app to use libcurl under the hood or something similar and I believe debugging this problem could help me understand what's the problem with the app.

Unable to create dev https certificate with .NET Core

I am unable to generate a valid dev localhost certificate for .NET Core.
When I run the dotnet dev-certs https -c -v command, I get the result No valid certificate found. When I subsequently run dotnet dev-certs https -v I get the message A valid HTTPS certificate is already present.
These messages seem to be conflicting. When I try to run a project using the localhost dev cert, I get the [expected] error:
System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found.
To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
Also, as an addition validation that things don’t seem to be working right, when I check my Keychain after running dotnet dev-certs https & dotnet dev-certs https --trust, no certificate is generated and/or placed in the Keychain.
Any thoughts on the cause of this? It seems from the command outputs that the CLI is writing to one location (unknown) where it thinks it already exists, but trying to read from another (active Keychain) where it is unable to find it.
I ended up recreating my macOS keychain and the issue was resolved.
I went to tools> nuget package manager > package manager console
copy pasted 'dotnet dev-certs https' and pressed enter. it worked fine thereafter

Tunnel Connection Failed error when logging into artifactory docker registry

We have created a private docker registry in artifactory.
Our artifactory is a standalone installation and have Nginx as a webserver.
SSL certificates are trusted and works fine.
on docker client, I have copied the ca.crt to /etc/docker/certs.d/:5001/
while am trying to login or push images from my docker client i see below error.
[root#cds-dev-test ~]# docker login artifactory.host:5001
Username: raj
Password:
Email: raj#gmail.com
Error response from daemon: invalid registry endpoint
https://artifactory.host:5001/v0/: unable to ping registry endpoint
v2 ping attempt failed with error: Get https://artifactory.host:5001/v2/: Tunnel Connection Failed
v1 ping attempt failed with error: Get artifactory.host:5001/v1/_ping: Tunnel Connection Failed. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add --insecure-registry artifactory.host:5001 to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/artifactory.host:5001/ca.crt
my docker version is 1.9.1 and artifactory versioin 4.4.3.
It works when i use --insecure-registry option but not the secure way. We have all trusted certs in place, still see the error.
I have tried using proxy settings on docker client and also without proxy... always the same error.
Any help guys?
I figured it out.
I have proxy settings under my docker deamon. I have added No_Proxy and it works fine.
FYI....
so people if you are using trusted CA cert, and your network is behind proxy, make sure your docker services file doesnt have proxy settings, if it does add No-proxy=artifactory.host.
/etc/systemd/system/docker.service.d/http-proxy.conf
Thanks