I am unable to generate a valid dev localhost certificate for .NET Core.
When I run the dotnet dev-certs https -c -v command, I get the result No valid certificate found. When I subsequently run dotnet dev-certs https -v I get the message A valid HTTPS certificate is already present.
These messages seem to be conflicting. When I try to run a project using the localhost dev cert, I get the [expected] error:
System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found.
To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
Also, as an addition validation that things don’t seem to be working right, when I check my Keychain after running dotnet dev-certs https & dotnet dev-certs https --trust, no certificate is generated and/or placed in the Keychain.
Any thoughts on the cause of this? It seems from the command outputs that the CLI is writing to one location (unknown) where it thinks it already exists, but trying to read from another (active Keychain) where it is unable to find it.
I ended up recreating my macOS keychain and the issue was resolved.
I went to tools> nuget package manager > package manager console
copy pasted 'dotnet dev-certs https' and pressed enter. it worked fine thereafter
Related
I have created a trusted certificate as follows (cleaning up potential pre-junk). During that, I got the popups telling my that a gang of crazy donkeys can do evil things if this is a root cert. The last comamnd confirms that I have a working certificate. I even ran the commands twice to verify that cleaning would produce a warning too, which it did, just as expected.
dotnet dev-certs https --clean
dotnet dev-certs https --trust
dotnet dev-certs https --verbose
I haven't imported any PFX-files as my understanding is that working in development towards a localhost instance doesn't require that. That seems to be confirmed by the information in the console letting my know that the certificate is generated properly. Running dotnet dev-certs http --check produces no warnings (no confirmation neither, it's no content in the result).
The HTTPS developer certificate was generated successfully.
A valid HTTPS certificate is already present.
Then I executed a call to my token dispencer endpoint getting a reply as expected too. It comes back from a secure HTTPS on localhost:5001/connect/token and containes all the vital parts.
{
"access_token": "eyJhbGciO...Ow7EEkA",
"expires_in": 3600,
"token_type": "Bearer",
"scope": "myapi.read"
}
What bothers me is the warning with red icon and the text Unable to verify the first certificate.
I've made sure to disable SSL checking and turned off CA Certificated (althoug I haven't added any Client Certificates in that menu. Googling gives me a bunch of hits on problems related to Ubuntu and/or MacOs but I'm based on a good old Win10 so those turned out irrelevant.
Have I misunderstood the approach all together or, possibly, confused some of the concepts? If not, what can I do to trouble-shoot it further?
I dig in to this a little.
dotnet dev-certs https --trust command just creates/makes sure a new localhost certificate (with friend name ASP.NET Core HTTPS development certificate) and puts it into the trust root store.
IIS Express server however won't use it automatically. It still uses the certificate (friend name is localhost) that is created when you run the APS.NET Core web app for the first time. If this certificate is removed from trust root store you will get the cert error.
You have a few options to address this issue.
Reset the IIS Express cert.
Switch the cert IISExpress use to the one you just created, you can retrieve it using the PowerShell command below and following this link.
Get-ChildItem -path cert:\currentUser\My | Select-Object FriendlyName, subject, Thumbprint
I can not use HTTPS with my web api so I tried running this command:
dotnet dev-certs https --trust
But I got this error :
Trusting the HTTPS development certificate was requested. A confirmation prompt will be displayed if the certificate was not previously trusted. Click yes on the prompt to trust the certificate.
There was an error trusting HTTPS developer certificate.
I also tried to clean and create a new one
dotnet dev-certs https -v
The HTTPS developer certificate was generated successfully.
But still facing the same issue.
I can not see localhost certificate in CurrentUser\Personal\Certificates
Sometimes this happens if you have multiple Certificates.
Execute certmgr.msc in Run
Clear all localhost certificates
On the commandline execute dotnet dev-certs https -t
You can check the certificate with dotnet dev-certs https --check. if this command returned nothing, every thing is OK.
run your application using dotnet run
I have a problem with HTTPS when I am running (dotnet run) my .NetCore application locally on Windows.
It was working till my localhost certificate expired…
I clean up old certificates and generated the new one by
dotnet dev-certs https –clean
dotnet dev-certs https –trust
I’ve verified that everything was added to certmgr (Personal and Trusted certs), but I have the same problem.
It is keep trying to use old certificate which expired.
I do not know why it is trying to use old “localhost” certificate after clean up certs…
Do you have any idea what should I do?.
Thank you,
Błażej
If not helps recreate cert by commands:
dotnet dev-certs https ––clean
dotnet dev-certs https ––trust
Clean all private keys from folder:
C:\Users\{User}\AppData\Roaming\ASP.NET\Https
You need to use two hyphens. The flag is -t or --trust, not –trust so the following should work:
dotnet dev-certs https --trust
You can also run the help command to see more info
dotnet dev-certs https --help
See Also: How to run dotnet dev-certs https --trust?
I'm not using localhost to test the serviceworker. The server have self-signed cert and it is working.
While trying to get push token from FCM it shows:
ServiceWorker registration failed: DOMException: Failed to register a ServiceWorker: An SSL certificate error occurred when fetching the script.
Can FCM service worker work with server self-signed cert?
it is a staging server therefore we wont be buying ssl cert for the server.
Looks like you can't use service workers with self signed certs.
Run Chrome with custom flags to white list your domain for testing purposes:
/Applications/Google\ Chrome\ Canary.app/Contents/MacOS/Google\ Chrome\ --user-data-dir=/tmp/foo --unsafely-treat-insecure-origin-as-secure=http://www.your.site
Make sure you use the correct path where Chrome is installed.
See https://stackoverflow.com/a/43484456/545726
And https://deanhume.com/home/blogpost/testing-service-workers-locally-with-self-signed-certificates/10155
To add to aiham's answer for this question
I tested the following latest browsers to work as well with these arguments:
open -a Opera.app --args --user-data-dir=/tmp/foo --ignore-certificate-errors --unsafely-treat-insecure-origin-as-secure=https://localhost:8111
open -a Brave\ Browser.app --args --user-data-dir=/tmp/foo --ignore-certificate-errors --unsafely-treat-insecure-origin-as-secure=https://localhost:8111
open -a Google\ Chrome.app --args --user-data-dir=/tmp/foo --ignore-certificate-errors --unsafely-treat-insecure-origin-as-secure=https://localhost:8111
Chromium browser did not start with these settings to allow to overcome this specific DomException for using SSL with service worker locally.
This person provided some insights as a story as well for this matter: https://deanhume.com/testing-service-workers-locally-with-self-signed-certificates/
We have created a private docker registry in artifactory.
Our artifactory is a standalone installation and have Nginx as a webserver.
SSL certificates are trusted and works fine.
on docker client, I have copied the ca.crt to /etc/docker/certs.d/:5001/
while am trying to login or push images from my docker client i see below error.
[root#cds-dev-test ~]# docker login artifactory.host:5001
Username: raj
Password:
Email: raj#gmail.com
Error response from daemon: invalid registry endpoint
https://artifactory.host:5001/v0/: unable to ping registry endpoint
v2 ping attempt failed with error: Get https://artifactory.host:5001/v2/: Tunnel Connection Failed
v1 ping attempt failed with error: Get artifactory.host:5001/v1/_ping: Tunnel Connection Failed. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add --insecure-registry artifactory.host:5001 to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/artifactory.host:5001/ca.crt
my docker version is 1.9.1 and artifactory versioin 4.4.3.
It works when i use --insecure-registry option but not the secure way. We have all trusted certs in place, still see the error.
I have tried using proxy settings on docker client and also without proxy... always the same error.
Any help guys?
I figured it out.
I have proxy settings under my docker deamon. I have added No_Proxy and it works fine.
FYI....
so people if you are using trusted CA cert, and your network is behind proxy, make sure your docker services file doesnt have proxy settings, if it does add No-proxy=artifactory.host.
/etc/systemd/system/docker.service.d/http-proxy.conf
Thanks