I have a .NET 7 mini web API running as a Windows service (no IIS), and it runs with no problem locally. When I deploy to the prod server I get the following error:

enter image description here

I went through the process to create and add a localhost X.509 certificate on the server:

enter image description here

My question is, how do I attach this cert to the API? What should be my next steps to configure the API, or what code do I need to add? I've only found answers using IIS, and that's not an option for this project. Thanks for the help.

Here's my Program.cs snippet:

var webApplicationOptions = new WebApplicationOptions
{
    Args = args,
    ContentRootPath = WindowsServiceHelpers.IsWindowsService()
        ? AppContext.BaseDirectory
        : default
};

var builder = WebApplication.CreateBuilder(webApplicationOptions);

builder.WebHost.ConfigureKestrel((context, serverOptions) =>
{
    var kestrelSection = context.Configuration.GetSection("Kestrel");
    serverOptions.Configure(kestrelSection);
});

builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();
builder.Services.AddCors();

builder.Services.AddHostedService<Worker>();

builder.Host
    .UseWindowsService()
    .UseSerilog((hostContext, logConfiguration) => logConfiguration.ReadFrom.Configuration(hostContext.Configuration))
    .ConfigureServices((hostContext, services) =>
    {
        
        services.AddWindowsService();
        services.AddHostedService<Worker>();
        services.AddMediatR(typeof(Program).Assembly);
        services.AddPersistenceServices(hostContext.Configuration);
        services.Configure<RabbitMqConfiguration>(config => hostContext.Configuration.GetSection(nameof(RabbitMqConfiguration)).Bind(config));
       
    });

var app = builder.Build();

app.UseSwagger();
app.UseSwaggerUI(options =>
{
    options.SwaggerEndpoint("/swagger/v1/swagger.json", "v1");
});

app.UseCors(p => p.WithOrigins("https://localhost:1234").AllowAnyHeader().AllowAnyMethod().AllowCredentials());

app.MapEndDebtorEndpoints();

app.Run();

And here's the appsettings.json Kestrel settings:

"Kestrel": {
  "Endpoints": {
    "Http": {
      "Url": "http://localhost:4321"
    },
    "Https": {
      "Url": "https://localhost:1234"
    }
  }
},

bflow1
  • Certificates are used for more than one purpose. It can be the certificate used for TLS or it can be the certificate for authentication. TLS is used to establish an encrypted connection between the HTTP client and server. It is performed before the HTTP request is sent. The certificate must be loaded on client and server before the connection is started. The TLS certificate is not sent over the connection. Only the name of the certificate is transferred between server and client. The name is sent automatically as part of the TLS protocol. – jdweng Jul 20 '23 at 12:58
  • Thanks for the input. Learning curve. But how do you get the API to discover the cert when it's deployed to the server? – bflow1 Jul 20 '23 at 13:34
  • In TLS the server sends a certificate block with names of certificates. Then the client looks up the names of the certificates in stores. The certificate has to be loaded on both client and server. The error message could be misleading. When TLS fails a timeout exception occurs. It can mean the connection did not complete for lots of reasons. The client and server need to use the same port number. A proxy may not be working properly and stop the connection from completing. An IIS server does not support TLS 1.3 (only 1.2) so a TLS 1.3 certificate will not work on IIS. – jdweng Jul 20 '23 at 14:19
  • OK, so is the startup middleware correct, or am I missing some code to capture the certificate? Thanks – bflow1 Jul 20 '23 at 16:27
  • The certificate needs to be loaded manually onto the client if that is the issue. I suspect it may be the proxy. See: https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/when-to-use-a-reverse-proxy?view=aspnetcore-7.0 – jdweng Jul 20 '23 at 18:52
  • Have you tried like this - [https://stackoverflow.com/questions/61138759/asp-net-core-3-1-web-api-can-it-be-self-hosted-as-windows-service-with-https-a](https://stackoverflow.com/questions/61138759/asp-net-core-3-1-web-api-can-it-be-self-hosted-as-windows-service-with-https-a) – Abhijith Nayak Jul 25 '23 at 13:04
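
One way to bind a certificate from the Windows certificate store to the Kestrel HTTPS endpoint without IIS, as an added example that is not code from the question or from any commenter. It assumes the certificate was imported into LocalMachine\My with subject CN=localhost and that the service account can read its private key; `LoadServerCertificate` and the `/health` route are hypothetical names, and the ports are the ones from the question's appsettings.json.

```csharp
// Program.cs (Microsoft.NET.Sdk.Web project with implicit usings enabled).
using System.Security.Cryptography.X509Certificates;

var builder = WebApplication.CreateBuilder(args);

// Fail at startup with a clear message instead of a TLS error on the first request.
var certificate = LoadServerCertificate("localhost");

builder.WebHost.ConfigureKestrel(serverOptions =>
{
    serverOptions.ListenLocalhost(4321);                              // plain HTTP
    serverOptions.ListenLocalhost(1234, listen =>
        listen.UseHttps(certificate));                                // HTTPS with the store cert
});

var app = builder.Build();
app.MapGet("/health", () => "ok");   // hypothetical endpoint, only to have something to call
app.Run();

// Hypothetical helper: picks a usable server certificate from LocalMachine\My.
static X509Certificate2 LoadServerCertificate(string subjectName)
{
    using var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadOnly);

    // FindBySubjectName is a case-insensitive substring match, so keep the name specific
    // (or switch to X509FindType.FindByThumbprint for an exact pin).
    // validOnly: false because a self-signed certificate does not chain to a trusted root.
    var matches = store.Certificates.Find(
        X509FindType.FindBySubjectName, subjectName, validOnly: false);

    var now = DateTime.Now;   // NotBefore/NotAfter are expressed in local time
    var usable = matches
        .OfType<X509Certificate2>()
        .Where(c => c.HasPrivateKey && c.NotBefore <= now && now <= c.NotAfter)
        .OrderByDescending(c => c.NotAfter)   // prefer the one that expires last
        .FirstOrDefault();

    return usable ?? throw new InvalidOperationException(
        $"No unexpired certificate with a private key matching '{subjectName}' " +
        "was found in LocalMachine\\My.");
}
```

If the service runs under a low-privilege account, that account needs read permission on the certificate's private key, otherwise the handshake fails even though the lookup succeeds.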
