ASP.Net Core 3 The remote certificate is invalid on MacOs
When I try to call an API method using identityserver4, I tried before on Windows and it is working fine only in Mac OS I faced this issue and I don´t know what is happened and
-
Dotnet dev-certs don't work on Linux or Mac.
That is because the dev-tools issue an incorrect root certificate.
Windows apparently accepts incorrect root certificates...What you need to do is this:
- create a root certificate
- add this to your machine's root certificate store
- sign the SSL-certificate with that root certificate.
Alternatively, you can just ignore SSL-errors:if (hostingEnvironment.IsDevelopment()) { System.Net.ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true; }Or you can write a more complex Validation-Callback, that just ignores untrusted root certificates:
/// <summary> /// This is to take care of SSL certification validation which are not issued by Trusted Root CA. /// </summary> /// <param name="sender">The sender.</param> /// <param name="certificate">The certificate.</param> /// <param name="chain">The chain.</param> /// <param name="sslPolicyErrors">The errors.</param> /// <returns></returns> /// <code></code> public static bool RemoteCertValidate(object sender , System.Security.Cryptography.X509Certificates.X509Certificate certificate , System.Security.Cryptography.X509Certificates.X509Chain chain , System.Net.Security.SslPolicyErrors sslPolicyErrors) { // If the certificate is a valid, signed certificate, return true. if (sslPolicyErrors == System.Net.Security.SslPolicyErrors.None) { return true; } // Logger.Current.Error("X509Certificate [{0}] Policy Error: '{1}'", certificate.Subject, sslPolicyErrors); // If there are errors in the certificate chain, look at each error to determine the cause. if ((sslPolicyErrors & System.Net.Security.SslPolicyErrors.RemoteCertificateChainErrors) != 0) { if (chain != null && chain.ChainStatus != null) { foreach (System.Security.Cryptography.X509Certificates.X509ChainStatus status in chain.ChainStatus) { if ((certificate.Subject == certificate.Issuer) && (status.Status == System.Security.Cryptography.X509Certificates.X509ChainStatusFlags.UntrustedRoot)) { // Self-signed certificates with an untrusted root are valid. continue; } else if (status.Status == System.Security.Cryptography.X509Certificates.X509ChainStatusFlags.NotTimeValid) { // Ignore Expired certificates continue; } else { if (status.Status != System.Security.Cryptography.X509Certificates.X509ChainStatusFlags.NoError) { // If there are any other errors in the certificate chain, the certificate is invalid, // so the method returns false. return false; } } } // Next status } // End if (chain != null && chain.ChainStatus != null) // When processing reaches this line, the only errors in the certificate chain are // untrusted root errors for self-signed certificates (, or expired certificates). // These certificates are valid for default Exchange server installations, so return true. return true; } // End if ((sslPolicyErrors & System.Net.Security.SslPolicyErrors.RemoteCertificateChainErrors) != 0) return false; }And add that to ServerCertificateValidationCallback:
System.Net.ServicePointManager.ServerCertificateValidationCallback += new System.Net.Security.RemoteCertificateValidationCallback(RemoteCertValidate);讨论(0) -
Your Mac does not trust the local development Windows certificate for localhost, you need to buy a get a real certificate that your Mac will trust. Perhaps use LetsEncrypt if you want a real trusted certificate for free.
讨论(0)
加载中...
- 热议问题