I\'m new in ASP.NET.
Environment:
Ubuntu 18.04
Visual Studio Code
.NET SDK 2.2.105
I\'m in troubl
For Chrome:
Run: certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n {FILE_NAME} -i {FILE_NAME}
Restart Chrome.
On Ubuntu the standard mechanism would be:
dotnet dev-certs https -v
to generate a self-signed certopenssl pkcs12 -in <certname>.pfx -nokeys -out localhost.crt -nodes
localhost.crt
to /usr/local/share/ca-certificates
sudo update-ca-certificates
/etc/ssl/certs/localhost.pem
(extension changes)openssl verify localhost.crt
Unfortunately this does not work:
dotnet dev-certs https
generates certificates that are affected by the issue described on https://github.com/openssl/openssl/issues/1418 and https://github.com/dotnet/aspnetcore/issues/7246:$ openssl verify localhost.crt
CN = localhost
error 20 at 0 depth lookup: unable to get local issuer certificate
error localhost.crt: verification failed
Workaround: (tested on Openssl 1.1.1c)
In detail:
manually generate self-signed cert:
[req]
default_bits = 2048
default_keyfile = localhost.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = localhost
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
basicConstraints = critical, CA:false
keyUsage = keyCertSign, cRLSign, digitalSignature,keyEncipherment
[alt_names]
DNS.1 = localhost
DNS.2 = 127.0.0.1
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout localhost.key -out localhost.crt -config localhost.conf
openssl pkcs12 -export -out localhost.pfx -inkey localhost.key -in localhost.crt
openssl verify -CAfile localhost.crt localhost.crt
which should yield localhost.crt: OK
openssl verify localhost.crt
should fail withCN = localhost
error 18 at 0 depth lookup: self signed certificate
error localhost.crt: verification failed
trust this cert:
/usr/local/share/ca-certificates
sudo update-ca-certificates
/etc/ssl/certs/localhost.pem
(extension changes)$ openssl verify localhost.crt
localhost.crt: OK
force your application to use this cert
"Kestrel": {
"Certificates": {
"Default": {
"Path": "localhost.pfx",
"Password": ""
}
}
}
Looks like this is a known issue with dotnet global tools and that specific command is only available for MacOS and Windows. See this issue on github: Issue 6066.
It seems like there may be a work around for Linux users based on this SO post: ASP.Net Core application service only listening to Port 5000 on Ubuntu.