Reputation: 220
I'm trying to set up a simple API using HTTPS with .NET Web API.
    using System.Net;
    using Microsoft.AspNetCore;
    using Microsoft.AspNetCore.Hosting;

    public class Program
    {
        public static void Main(string[] args)
        {
            BuildWebHost(args).Run();
        }

        public static IWebHost BuildWebHost(string[] args) =>
            WebHost.CreateDefaultBuilder(args)
                .UseStartup<Startup>()
                .UseKestrel(options =>
                {
                    string key = "{{private.key}}"; // is this the password it wants?
                    // Plain HTTP endpoint
                    options.Listen(IPAddress.Any, 50790);
                    // HTTPS endpoint
                    options.Listen(IPAddress.Any, 40354, listenOptions =>
                    {
                        listenOptions.UseHttps("certificate.crt", key);
                    });
                })
                .Build();
    }
    // {{private.key}} is the private key in a string.
Using this works fine while starting and connecting with HTTP, but as soon as I try HTTPS I get huge errors and no response is sent to the client.
Got a cert from Let's Encrypt: ca_bundle.crt, certificate.crt and private.key.
This is the error I get when I try to connect using https:
    fail: Microsoft.AspNetCore.Server.Kestrel[0]
          Uncaught exception from the OnConnectionAsync method of an IConnectionAdapter.
    System.NotSupportedException: The server mode SSL must use a certificate with the associated private key.
       at System.Net.Security.SecureChannel.AcquireServerCredentials(Byte[]& thumbPrint)
       at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)
       at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
How can I get this working?
Upvotes: 4
Views: 7504
Reputation: 220
The problem is the certificate.
You need to have a certificate with the associated private key in one file to get this to work.
So do what jdehlin says here and create a pfx file with both the cert and key.
When you do that, you get asked to set a password for the pfx file. That is what you put in the password field, and then you just link your pfx file instead of the crt file.
Upvotes: 8
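The fix described in the answer above, as an added example that is not part of the original posts: the Kestrel setup from the question, loading a PFX and checking that it actually carries a private key before the listener starts. The file name `certificate.pfx`, the `CERT_PASSWORD` environment variable and the `LoadServerCertificate` helper are assumptions made for illustration; `Startup` is the class from the question.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Hosting;

public class Program
{
    public static void Main(string[] args) => BuildWebHost(args).Run();

    // Assumption: certificate.pfx was built from the three Let's Encrypt files, e.g.
    //   openssl pkcs12 -export -out certificate.pfx -inkey private.key \
    //       -in certificate.crt -certfile ca_bundle.crt
    // The export password chosen at that prompt is read from the hypothetical
    // CERT_PASSWORD environment variable rather than hard-coded in source.
    private static X509Certificate2 LoadServerCertificate(string pfxPath)
    {
        string password = Environment.GetEnvironmentVariable("CERT_PASSWORD")
            ?? throw new InvalidOperationException("CERT_PASSWORD is not set.");

        var cert = new X509Certificate2(pfxPath, password);

        // A bare .crt loads without error but has no key attached. Fail at
        // startup instead of on the first TLS handshake (the error in the question).
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException(
                $"{pfxPath} has no private key; a TLS server certificate needs one.");

        // An expired certificate would start fine and then be rejected by clients.
        if (DateTime.Now > cert.NotAfter)
            throw new InvalidOperationException(
                $"{pfxPath} expired on {cert.NotAfter:u}.");

        return cert;
    }

    public static IWebHost BuildWebHost(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
            .UseStartup<Startup>()
            .UseKestrel(options =>
            {
                X509Certificate2 cert = LoadServerCertificate("certificate.pfx");
                options.Listen(IPAddress.Any, 50790);   // plain HTTP
                options.Listen(IPAddress.Any, 40354,    // HTTPS
                    listenOptions => listenOptions.UseHttps(cert));
            })
            .Build();
}
```

The PFX contains the private key, so it needs the same file permissions and handling as `private.key` itself.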