1

I'm creating an ASP.NET Web API endpoint inside a console app which I need to host as a Windows Service.

Now everything is working except the endpoint is in http. I want to use https.

When I run it via Visual Studio, I believe Kestrel is behind IIS as a reverse proxy and SSL certificates are validated. But when I host it as a Windows service, I'm getting certificate errors when trying to reach the endpoint.

This is my Kestrel WebHost builder

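// Load settings from appsettings.json (the file must exist).
var configurations = new ConfigurationBuilder()
                       .AddJsonFile("appsettings.json", optional: false)
                       .Build();
var host = new WebHostBuilder()
                .UseKestrel(options =>
                {
                    // Listen on port 443 on all interfaces and serve TLS with the
                    // certificate and private key stored in the PFX file.
                    options.ListenAnyIP(443, listenOptions =>
                    {
                        listenOptions.UseHttps("sslcertificate.pfx", "ssl@123");
                    });
                })
                .UseUrls(config.ApiBaseUrl) // config is defined elsewhere in the app (not shown)
                .UseConfiguration(configurations)
                .UseStartup<Startup>()
                .Build();
host.Run();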

Since it runs as a Windows service and exposes the API, I cannot rely on IIS. I need to configure for Kestrel.

But how can I

  1. Generate an SSL for localhost (I'm using Windows)

  2. If I already have an SSL certificate in production (*.cert), how can I make a *.pfx (cert + RSA private key) from it on the production server (also Windows)?

marc_s
Sangeeth Nandakumar
  • Okay, so it's a console app, but inside it there is an API endpoint, right? And when you run it in Visual Studio it hits the endpoint, and when deployed as a Windows service it throws a cert validation error. This is your issue, right? – Almero Rick May 04 '21 at 20:24
  • Exactly. I'm trying to install it on my local system – Sangeeth Nandakumar May 04 '21 at 20:24

2 Answers

1
  1. .NET Core (and .NET 5) is bundled with a convenient tool to handle development self-signed certificates. Look into dotnet dev-certs. The commands are:

dotnet dev-certs https -ep $env:USERPROFILE\.aspnet\https\aspnetapp.pfx -p crypticpassword
dotnet dev-certs https --trust

This doc also describes how to do the same thing with PowerShell or openssl if that's your style.

  2. Look into this question. In short, you can do that by exporting the certificate from the Windows Certificate Store and choosing "Yes, export Private key", which automatically enables the PFX format.
Renerick
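The PowerShell route mentioned in the answer above, as an added example that is not part of the original answer: it creates a localhost certificate in the machine store, exports it with its private key as a PFX, trusts the public part locally, and checks the result before Kestrel uses it. The file location, friendly name, two-year lifetime and the assumption that the service runs as LocalSystem are illustrative choices, not values from the question.

```powershell
# Added example. Run in an elevated PowerShell session on Windows.
# Hypothetical location for the PFX; adjust to where the service reads it from.
$pfxPath = Join-Path $env:ProgramData 'MyApiService\localhost.pfx'
$cerPath = [IO.Path]::ChangeExtension($pfxPath, '.cer')
New-Item -ItemType Directory -Path (Split-Path $pfxPath) -Force | Out-Null

# Prompt for the PFX password instead of hard-coding it in a script or in source.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# 1. Self-signed server certificate for localhost, created in the machine store so
#    it is not tied to the profile of whoever runs this script.
$cert = New-SelfSignedCertificate -DnsName 'localhost' `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -FriendlyName 'Kestrel localhost (dev)' `
    -KeyAlgorithm RSA -KeyLength 2048 `
    -KeyExportPolicy Exportable `
    -NotAfter (Get-Date).AddYears(2)

# 2. Export certificate + private key as the PFX that UseHttps(path, password) loads.
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# 3. Trust it on this machine: only the public certificate goes into Trusted Root.
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# 4. The PFX holds a private key, so limit who can read it.
#    Assumption: the service runs as LocalSystem (S-1-5-18); Administrators keep full control.
icacls $pfxPath /inheritance:r /grant:r '*S-1-5-18:(R)' '*S-1-5-32-544:(F)' | Out-Null

# 5. Load the PFX the way the service will and confirm what it contains.
$check = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxPath, $pfxPassword)
if (-not $check.HasPrivateKey) { throw "No private key in $pfxPath; Kestrel cannot serve TLS with it." }
if ($check.NotAfter -lt (Get-Date)) { throw "Certificate in $pfxPath has expired." }
'{0}  thumbprint={1}  expires={2:yyyy-MM-dd}' -f $check.Subject, $check.Thumbprint, $check.NotAfter
```

For a production certificate that is already in the Windows certificate store, step 2 alone does the conversion, provided the key was installed as exportable; a self-signed certificate like this one is for local development only.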
1

This will create a certificate

dotnet dev-certs https -ep $env:USERPROFILE\.aspnet\https\aspnetapp.pfx -p crypticpassword

This will create a trust

dotnet dev-certs https --trust