Reputation: 20179
Locally I've created and exported a Self Signed certificate using IIS. The result is a PFX file.
I've loaded that into my ASP.NET Core solution and am spinning up Kestrel like the following:
    var certificatePath = Path.GetFullPath(Path.Combine(Directory.GetCurrentDirectory(), "cert.pfx"));
    var certificate = new X509Certificate2(certificatePath, "certpass");

    HostWeb = builder
        .UseKestrel(options =>
        {
            options.Listen(IPAddress.Loopback, 44321, listenOptions =>
            {
                listenOptions.UseHttps(certificate);
            });
        })
        .UseUrls("https://localhost:44321")
        .UseEnvironment("Test").Build();

    HostWeb.Start();
When I run Chrome against this Web server it's still showing not secure.
What am I missing here? Is there anything else I need to configure?
Upvotes: 0
Views: 2811
Reputation: 2743
I believe you need to register this certificate on the OS level so that it is seen as a valid one. A self-signed certificate won't be by default. I used that link to do it: https://www.humankode.com/asp-net-core/develop-locally-with-https-self-signed-certificates-and-asp-net-core
Particularly that part:
    # import the pfx certificate
    Import-PfxCertificate -FilePath $pfxFilePath Cert:\LocalMachine\My -Password $pfxPassword -Exportable

    # trust the certificate by importing the pfx certificate into your trusted root
    Import-Certificate -FilePath $cerFilePath -CertStoreLocation Cert:\CurrentUser\Root

    # optionally delete the physical certificates (don’t delete the pfx file as you need to copy this to your app directory)
    # Remove-Item $pfxFilePath
    Remove-Item $cerFilePath
UPDATE: Your code sets the certificate your server will present to the client during the initialization of the secured connection, the handshake. But then your client has to be able to recognize this certificate as a valid one: it needs to trust it, to trust the authority that issued this certificate. For instance, you trust Stack Overflow because you trust the authority DigiCert that delivered the certificate their server is presenting to your client.
UPDATE 2: new article on the topic: https://www.hanselman.com/blog/DevelopingLocallyWithASPNETCoreUnderHTTPSSSLAndSelfSignedCerts.aspx
Upvotes: 0
Reputation: 43
Export the certificate from Chrome, by clicking on "Not Secure", then "Certificate", "Details" tab, and then "Copy to file...", and select a file to write the certificate on your disk.
Then, double-click on the certificate, and click on "Install Certificate...", keep "Store location" as "Current User", select "Place all certificates in the following store", select "Trusted Root Certification Authorities", and then finish the wizard.
The warning that you get will disappear.
Attention: this should be applied only on a development environment.
Upvotes: 1
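A diagnostic for the trust problem discussed in the answers above, as an added example that is not code from any of the posters: it loads the question's `cert.pfx` (path and password are the question's sample values), asks Windows whether the chain is trusted, and reports which Root store holds the certificate. It goes one step beyond the thread by also checking the subjectAltName, since Chrome matches the host name against SAN entries rather than the subject CN; the variable names and the English-locale SAN format are assumptions.

```powershell
# Added diagnostic: why does the browser reject this PFX?
# Assumptions: run from the app directory on Windows; values below mirror the question.
$pfxPath  = Join-Path (Get-Location) 'cert.pfx'
$password = ConvertTo-SecureString 'certpass' -AsPlainText -Force
$hostName = 'localhost'   # the name typed into the browser's address bar

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pfxPath, $password)

# 1. Chain trust: a self-signed certificate reports UntrustedRoot until it is
#    present in a Trusted Root Certification Authorities store.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$chainTrusted = $chain.Build($cert)
$chainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

# 2. Which Root stores contain this exact certificate (matched by thumbprint)?
$rootStores = foreach ($store in 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root') {
    $hit = Get-ChildItem $store | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
    if ($hit) { $store }
}

# 3. Host name coverage: read the subjectAltName extension (OID 2.5.29.17).
#    Format() output is localized; the "DNS Name=" pattern assumes English Windows.
$sanExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$sanText = if ($sanExt) { $sanExt.Format($false) } else { '' }
$sanOk   = $sanText -match ('DNS Name=' + [regex]::Escape($hostName) + '(,|$)')

# 4. Validity window.
$now     = Get-Date
$inDates = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)

[pscustomobject]@{
    Subject       = $cert.Subject
    Thumbprint    = $cert.Thumbprint
    ChainTrusted  = $chainTrusted
    ChainStatus   = $chainStatus
    InRootStores  = ($rootStores -join ', ')
    SanEntries    = $sanText
    SanCoversHost = $sanOk
    WithinDates   = $inDates
} | Format-List
```

`ChainTrusted = False` with `UntrustedRoot` corresponds to the missing Root-store import described in the answers; `SanCoversHost = False` means the warning will remain for `https://localhost:44321` even after the certificate is trusted.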