Self hosted ASP.NET Core app does not work with SSL

Question

I have created an sample ASP.NET Core application using command line:

dotnet new

and tried to run it utilizing command:

dotnet run

But, when opening the URL in the browser, it complains that the SSL is invalid.

I can run the program using Visual Studio full version without any problem, but can not run it using command line:

dotnet run

Seems that Kestrel which is run by command dotnet run needs extra configurations.

Now, the question is how can I run my ASP.NET Core application over https using Kestrel?

I'm on Dot Net Core 2.2 and Visual Studio 2019

Answer 1

It seems that IIS Express does some works behinds the scense which include configuration of a SSL certification. So, I concentrated on ASP.NET Core's internal hosting component which is Kestrel.

Firstly, I created and SSL certificate using PowerShell by help of this command:

New-SelfSignedCertificate -DnsName localhost -CertStoreLocation "cert:\LocalMachine\My"

This command creats a certification which I can see it through management console / certificates program. For more information see this. After creating a new certificate, you are required to export it as a pfx file. To do so in the management console use follwing steps:

1. Add Certificates snap-in to the management console.
2. Navigate through Personal\Certifcates
3. Right click on your newly created certificate and, from "all tasks", select "export"
4. Select the option which says: "Yes, export the private key"
5. You'll see that the pfx is automatically selected. Click "Next"
6. Set a password and saving location.
7. You are done with creating a pfx file

Next step is to configure ASP.NET Core to use the pfx file which is described here:

public static IWebHost BuildWebHost(string[] args) =>
 WebHost.CreateDefaultBuilder(args)
 .UseStartup < Startup > ()
 .UseKestrel((hostingContext, options) => 
 { 
  if (hostingContext.HostingEnvironment.IsDevelopment) {
   options.Listen(IPAddress.Loopback, 9001);
   options.Listen(IPAddress.Loopback, 9002, listenOptions => {
    listenOptions.UseHttps("certificate.pfx", "password");
   });
  }

 })
 .Build();

Now, the problem should be resolved. If not, try the certificate which is created by the IIS Express. This is also available in management console.

Answer 2

When you run ASP.NET Core in development mode using dotnet run, or from within Visual Studio, then there is already built-in support for a development certificate that allows you to develop right away with HTTPS support.

The development certificate is built-in with the .NET Core SDK and usually it should set it self up when you run the .NET Core SDK for the first time. If that did not work or if you lost the development certificate for some reason, then you can always install it later using the following command:

dotnet dev-certs https --trust

This part is also described in the “Enforcing SSL” chapter of the official documentation.

Note that the development certicate only applies during development and of course you will need to set up a proper certificate for production later. How that works of course depends on how you are going to host the application later. The different options and how to configure SSL is covered in the hosting chapter.

Answer 3

For me, the answer was simply that I had to close all instances of Chrome before it started working. I had Chrome open with a few tabs, independent of my dev site that started up. It still wasn't working even after installing the dev cert, but when I shut down every browser I had open and then started up a debugging session, it started working with no cert issues.