I have a problem with HTTPS when I am running (dotnet run) my .NetCore application locally on Windows.
It was working till my localhost certificate expired…
I clean up old certificates and generated the new one by
dotnet dev-certs https –clean
dotnet dev-certs https –trust
I’ve verified that everything was added to certmgr (Personal and Trusted certs), but I have the same problem.
It is keep trying to use old certificate which expired.
I do not know why it is trying to use old “localhost” certificate after clean up certs…
Do you have any idea what should I do?.
Thank you,
Błażej
If not helps recreate cert by commands:
dotnet dev-certs https ––clean
dotnet dev-certs https ––trust
Clean all private keys from folder:
C:\Users\{User}\AppData\Roaming\ASP.NET\Https
You need to use two hyphens. The flag is -t or --trust, not –trust so the following should work:
dotnet dev-certs https --trust
You can also run the help command to see more info
dotnet dev-certs https --help
See Also: How to run dotnet dev-certs https --trust?
Related
I have created a trusted certificate as follows (cleaning up potential pre-junk). During that, I got the popups telling my that a gang of crazy donkeys can do evil things if this is a root cert. The last comamnd confirms that I have a working certificate. I even ran the commands twice to verify that cleaning would produce a warning too, which it did, just as expected.
dotnet dev-certs https --clean
dotnet dev-certs https --trust
dotnet dev-certs https --verbose
I haven't imported any PFX-files as my understanding is that working in development towards a localhost instance doesn't require that. That seems to be confirmed by the information in the console letting my know that the certificate is generated properly. Running dotnet dev-certs http --check produces no warnings (no confirmation neither, it's no content in the result).
The HTTPS developer certificate was generated successfully.
A valid HTTPS certificate is already present.
Then I executed a call to my token dispencer endpoint getting a reply as expected too. It comes back from a secure HTTPS on localhost:5001/connect/token and containes all the vital parts.
{
"access_token": "eyJhbGciO...Ow7EEkA",
"expires_in": 3600,
"token_type": "Bearer",
"scope": "myapi.read"
}
What bothers me is the warning with red icon and the text Unable to verify the first certificate.
I've made sure to disable SSL checking and turned off CA Certificated (althoug I haven't added any Client Certificates in that menu. Googling gives me a bunch of hits on problems related to Ubuntu and/or MacOs but I'm based on a good old Win10 so those turned out irrelevant.
Have I misunderstood the approach all together or, possibly, confused some of the concepts? If not, what can I do to trouble-shoot it further?
I dig in to this a little.
dotnet dev-certs https --trust command just creates/makes sure a new localhost certificate (with friend name ASP.NET Core HTTPS development certificate) and puts it into the trust root store.
IIS Express server however won't use it automatically. It still uses the certificate (friend name is localhost) that is created when you run the APS.NET Core web app for the first time. If this certificate is removed from trust root store you will get the cert error.
You have a few options to address this issue.
Reset the IIS Express cert.
Switch the cert IISExpress use to the one you just created, you can retrieve it using the PowerShell command below and following this link.
Get-ChildItem -path cert:\currentUser\My | Select-Object FriendlyName, subject, Thumbprint
I can not use HTTPS with my web api so I tried running this command:
dotnet dev-certs https --trust
But I got this error :
Trusting the HTTPS development certificate was requested. A confirmation prompt will be displayed if the certificate was not previously trusted. Click yes on the prompt to trust the certificate.
There was an error trusting HTTPS developer certificate.
I also tried to clean and create a new one
dotnet dev-certs https -v
The HTTPS developer certificate was generated successfully.
But still facing the same issue.
I can not see localhost certificate in CurrentUser\Personal\Certificates
Sometimes this happens if you have multiple Certificates.
Execute certmgr.msc in Run
Clear all localhost certificates
On the commandline execute dotnet dev-certs https -t
You can check the certificate with dotnet dev-certs https --check. if this command returned nothing, every thing is OK.
run your application using dotnet run
I am unable to generate a valid dev localhost certificate for .NET Core.
When I run the dotnet dev-certs https -c -v command, I get the result No valid certificate found. When I subsequently run dotnet dev-certs https -v I get the message A valid HTTPS certificate is already present.
These messages seem to be conflicting. When I try to run a project using the localhost dev cert, I get the [expected] error:
System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found.
To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
Also, as an addition validation that things don’t seem to be working right, when I check my Keychain after running dotnet dev-certs https & dotnet dev-certs https --trust, no certificate is generated and/or placed in the Keychain.
Any thoughts on the cause of this? It seems from the command outputs that the CLI is writing to one location (unknown) where it thinks it already exists, but trying to read from another (active Keychain) where it is unable to find it.
I ended up recreating my macOS keychain and the issue was resolved.
I went to tools> nuget package manager > package manager console
copy pasted 'dotnet dev-certs https' and pressed enter. it worked fine thereafter
For https access I need to add a CA cert file to /usr/local/share/ca-certificates on my Ubuntu host machine.
Currently my Dockerfile RUN wget https... is failing since the certificate verification is failing.
How can Docker use the host machine CA cert? Or is there an existing enhancement opened to allow this?
I've used CA and SSL certs via a passthrough mount, but this looks like you're trying to do it in the Dockerfile.
So my suggestion would be - copy the CA cert to the image as part of the Dockerfile, and then proceed as normal. Or drop to http, or run wget --no-check-certificate if you're happy with that.
There are a few open bugs in this area:
https://github.com/docker/machine/issues/1799
https://github.com/docker/docker/issues/4372
https://github.com/docker/machine/issues/1435
https://github.com/deis/deis/issues/2230
I want to use the cacert.pem certificate from the cURL website so my EasyPHP server can use cURL to retrieve a site using SSL. How do I install it and is this all I need to do?
I solved this by following the instructions here: http://kb.ucla.edu/articles/how-do-i-use-curl-in-php-on-windows