Configure a self-signed certificate in Ubuntu to allow HTTPS access with an ASP.NET Core 2.1 application
- Create an asp.net core project as usual and check if you have access using HTTPS.
dotnet new web -o Sample
cd Sample
dotnet restore
dotnet run
1.1 Navigate to https://localhost:5001
Can you read the message "Hello World!"? Congrats, you can stop reading this guide.
Firefox shows you a "Secure Connection Failed" message? or do you have an error message in console like this?
dbug: HttpsConnectionAdapter[1]
Failed to authenticate HTTPS connection.
System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Interop+Crypto+OpenSslCryptographicException: error:2006D002:BIO routines:BIO_new_file:system lib
Stay reading.
- Install 'ca-certificates' and 'openssl' packages
sudo apt-get install ca-certificates openssl
- Genereate the .pfx certificate with dotnet command [1]
dotnet dev-certs https -ep ${HOME}/.aspnet/https/aspnetapp.pfx -p crypticpassword
- Extract the .crt file [2]
cd ${HOME}/.aspnet/https/
openssl pkcs12 -in aspnetapp.pfx -nocerts -out aspnetapp.pfx
openssl pkcs12 -in aspnetapp.pfx -clcerts -nokeys -out aspnetapp.crt
- Copy the .crt file to the certificates location [3]
sudo cp aspnetapp.crt /usr/local/share/ca-certificates/
- Change the permissions to allow to read the certificate [4]
sudo chmod +r /usr/local/share/ca-certificates/*
- Run the application again and check the https address
dotnet run
Navigate to https://localhost:5001
If you have any error, you can check the links below to know more about each step.
[2] https://www.markbrilman.nl/2011/08/howto-convert-a-pfx-to-a-seperate-key-crt-file/
[3] https://stackoverflow.com/a/44160125
[4] https://github.com/dotnet/cli/issues/9376#issuecomment-393954876