5

I can run just fine on my dev box, but not in prod.

I have an SSL cert installed on my server for my domain.

How do I tell my ASP.NET Core application which certificate to use? I assume I need to add something to let it know.

I ask because currently i'm getting:

Unable to start Kestrel. System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.

Trying to get it going on IIS, without any luck so testing using Kestrel just clicking on it on my work machine vs the server.

Kelly
  • 6,992
  • 12
  • 59
  • 76
  • Create either IP based or SNI certificate mapping https://docs.jexusmanager.com/tutorials/https-binding.html#ip-based-bindings and then let your Kestrel or IIS bind to it. – Lex Li Jun 16 '20 at 02:51

1 Answers1

7

How do I tell my ASP.NET Core application which certificate to use? I assume I need to add something to let it know.

As far as I know, we could host the application by using kestrel or IIS.

If you want to bind the certificate for the web application which will host by kestrel, I suggest you could try to configure the certificate by calling below method:

UseHttps(X509Certificate2 serverCertificate)

More details, you could refer to below codes(Program CreateHostBuilder method):

                webBuilder.UseKestrel(serverOptions =>
                {
                    serverOptions.Listen(IPAddress.Loopback, 5001,
                        listenOptions =>
                        {
                            listenOptions.UseHttps("testCert.pfx",
                                "testPassword");
                        });

                });

If you want to bind the certificate for the web application which will host by IIS, there is no need to modify the program.cs codes, you could directly set the SSL by using IIS management console.

More details ,you could refer to this article.

Brando Zhang
  • 22,586
  • 6
  • 37
  • 65
  • Is it possible to bind 2 certificates in the same port. Like below example. serverOptions.Listen(IPAddress.Loopback, 5001, listenOptions => { listenOptions.UseHttps("testCert.pfx", "testPassword"); listenOptions.UseHttps("testCert1.pfx", "testPassword1"); }); Will this works. Please suggest us. Thanks – Mohan Gopi Oct 09 '20 at 10:46
  • 6
    is there any **built in** way to configure in `appsettings.json`? – Lei Yang Mar 03 '21 at 01:03
  • Is there any built in way to make ASP.NET Core use certificate already installed in Windows certificate storage? Without entering any password or even worse: including it into source code. – Paul Mar 03 '22 at 19:55
  • certs and endpoint pairs can be configured in appsettings.json. See https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/endpoints?view=aspnetcore-6.0#replace-the-default-certificate-from-configuration – TwoFingerRightClick Jun 08 '22 at 17:56
  • @Paul You can of course access the windows cert store: `// for names & locations refere to StoreLocation and StoreName enums. var store = new X509Store(storeName, storeLocation); store.Open(OpenFlags.OpenExistingOnly);` From here you can access your certs. – TronTronic Entertainment Jul 20 '22 at 07:37