Reputation: 105
IdentityServer4 HTTPS/SSL on linux
I'm working on a little dotnet + Angular project where I use this kind of architecture: There are 3 separate folders:
- App (Angular Client)
- Auth (dotnet MVC with IdentityServer4)
- Api (dotnet MVC)
They should all work with https.
I was working on Windows until now, and I had no problem with SSL, certificates, etc. just using Visual Studio and IIS Express.
I was able at a moment to deploy everything on docker using separate containers for each webservice (App, Auth, Api) and a "back-channel" network to allow containers to communicate. I did it binding some virtual volumes to the docker containers to let them use files that Visual Studio generated for me under:
- %USERPROFILE\AppData\Roaming\Microsoft\UserSecrets --> /root/.microsoft/usersecrets
- %USERPROFILE.aspnet\https --> /root/.aspnet/https/
I totally don't remember where I found those explanations to do it like that, but it worked !
Now, I'm on linux (Kali) and I'm not able at all to use self-signed certificates. I'm not a linux guy and I just don't get what I have to do to allow it to work.
I tried some things to create self-signed certificates in linux, but I always have the same issue when I try to go at https://localhost:44300 (app), https://localhost:44385 (api) or https://localhost:44321 (auth) ==> NET::ERR_CERT_AUTHORITY_INVALID
- https://kimsereyblog.blogspot.com/2018/07/self-signed-certificate-for-identity.html
- https://andrewlock.net/creating-and-trusting-a-self-signed-certificate-on-linux-for-use-in-kestrel-and-asp-net-core/
- https://askubuntu.com/a/94861
And each time I try a different manner to create a certificate and to trust it, I see that the problem is still present. But the strangest thing is that the creation date of the certificate doesn't change:
I would like at least to know where I can find that certificate on my machine (certificate of 6 october 2018 @ 17:28:09).
Thank you !
Upvotes: 2
Views: 1569
Answers (1)
Reputation: 297
I'm not familiar with the requirements to configure HTTPS/TLS for Angular and .NET applications. However I have experience with security and TLS in general.
When the browser (often Chrome) is throwing error "NET::ERR_CERT_AUTHORITY_INVALID", it means that the TLS server certificate is self-signed, therefore Chrome can't verify the server's identity using any of it's pre-trusted CA certificates.
On Windows is quite easy to 'solve' this problem by importing the server self-signed certificate in certmgr -> Trusted Root Certification Authorities\Certificates folder.
I've never done this configuration on Linux, however I'm sure there is a similar approach. Firefox does not use the same pre-trusted CA certificates approach as Chrome, Firefox has it's own keystore, that is independent from the OS. Maybe these other questions can help you:
https://unix.stackexchange.com/questions/251811/install-root-ssl-certificate https://unix.stackexchange.com/questions/125731/install-ssl-certificate-in-iceweasel
Note: Of course the correct setup would be to use a CA signed server certificate.
Upvotes: 1
Related Questions
- Problem with ssl while using wsl and identity server 4
- How to configure Key for IdentityServer4 on Linux
- How to disabling SSL for identityserver4
- .Net Core and IdentityServer4 using https in the Authority option fails
- IdentityServer4 AddSigningCredentials with Certificate
- Asp.net Core with Identity server 4
- How to disable SSL in IdentityServer4?
- IdentityServer4: Unable to load certificate, having trouble loading the certificate
- Using https with Identity Server 4
- Configure ASP.NET Core Module to host on https instead of http for IdentityServer 4