Exporting https certificate fails with 'dotnet dev-certs' tool

Question

I am trying to use the 'dotnet dev-certs' tool to export an https certificate to include with a Docker image. Right now I am using:

dotnet dev-certs https -v -ep $(HOME)\.aspnet\https -p <password>

and I get the error:

Exporting the certificate including the private key.
Writing exported certificate to path 'xxx\.aspnet\https'.
Failed writing the certificate to the target path
Exception message: Access to the path 'xxx\.aspnet\https' is denied.
An error ocurred exporting the certificate.
Exception message: Access to the path 'xxx\.aspnet\https' is denied.
There was an error exporting HTTPS developer certificate to a file.

The problem I see is that no matter what path I supply to export the certificate to I get the same 'Access to the path is denied' error. What am I missing? I know this command has been suggested in numerous places. But I cannot seem to get it to work.

Thank you.

Daniel B · Answer 1 · 2020-07-12T00:32:54.313

14

The export path should specify a file, not a directory. This fixed the issue for me on Mac:

dotnet dev-certs https -v -ep ${HOME}/.aspnet/https/aspnetapp.pfx -p <password>

edited Jul 12 '20 at 00:32

answered Apr 25 '20 at 16:33

Daniel B

4,145
1
21
21

2

That did not fix it for me – James Alexander Apr 27 '20 at 00:41
macOS Catalina, .net core 3.1 – James Alexander May 06 '20 at 03:05
3

Tested and working on Windows 10 with powershell as administrator. `dotnet dev-certs https -ep ${home}\.aspnet\https\aspnet.pfx -p ` – Adam Paquette Jul 10 '20 at 22:34

score 1 · Answer 2 · answered Jun 07 '21 at 05:58

1

For Ubuntu users:

install libnss3-tools:

sudo apt-get update -y

sudo apt-get install -y libnss3-tools
create or verify if the folder below exists on machine:

$HOME/.pki/nssdb
export the certificate:

dotnet dev-certs https -v -ep ${HOME}/.aspnet/https/aspnetapp.pfx
Run the following commands:

certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n localhost -i /home/<REPLACE_WITH_YOUR_USER>/.aspnet/https/aspnetapp.pfx

certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n localhost -i /home/<REPLACE_WITH_YOUR_USER>/.aspnet/https/aspnetapp.pfx
exit and restart the browser

Source: https://learn.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-5.0&tabs=visual-studio#ssl-linux

answered Jun 07 '21 at 05:58

Realdo Dias

517
5
11

1

Thanks this works. I failed on linux mint to get chrome to trust the dotnet localhost cert for hours by following what is written in https://learn.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-5.0&tabs=visual-studio#ssl-linux The differences I see between yours and theirs is that you're using local user directories and exporting / trusting the cert as a pfx file. I'm not sure why yours works when theirs doesn't .. but I'm happy it works. – Joe Jul 18 '21 at 11:49
Hi, i get "Unix LocalMachine X509Store is limited to the Root and CertificateAuthority stores." on step 3. – root Mar 09 '23 at 20:01

score 0 · Answer 3 · answered Dec 11 '20 at 15:24

0

For me the problem was I was using .Net 5 under CentOS 7.8. Uninstalling .Net 5 and using .Net Core 3.1 SDK instead solved the problem.

answered Dec 11 '20 at 15:24

bN_

772
14
20

Exporting https certificate fails with 'dotnet dev-certs' tool

3 Answers3