In this project they use tye. I have been using it for development. But it can also be used to deploy kubernetes clusters

First of all, awesome job!

When I'm running the command ./scripts//ubuntu-create-dotnet-devcert.sh, as written in the readme, I receive the error:

./scripts/ubuntu-create-dotnet-devcert.sh: 2: .: Can't open ./common.sh

However, when I run the command from the scripts folder, everything works as expected.

It would be nice to be able to invoke the command from any location.

Hello, this script is working fine with "dotnet run" on Ubuntu + netcore 5 https, in both browser, postman.
But when publishing the same application in docker, the application is not working on https.

I am new to docker, hence please suggest if I need to perform few changes to run application docker on

dotnet version: 5.0.302

Error:
crit: Microsoft.AspNetCore.Server.Kestrel[0]
Unable to start Kestrel.
System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action1 configureOptions) at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions) at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context) at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IEnumerable1 listenOptions, AddressBindContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken)
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication1 application, CancellationToken cancellationToken) Unhandled exception. System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date. To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'. For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054. at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action1 configureOptions)
at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IEnumerable1 listenOptions, AddressBindContext context) at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken) at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication1 application, CancellationToken cancellationToken)
at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)

I:m using arch linux script to create certificates. While it does work, when I connect to my server using ipv4, when I try to connect using ipv6 dotnet fails to find appropriate certificate. Is it possible to add such certificate creation in script?

I use archlinux. After I exec the script, chrome browser can visit my web API currently. But when I wanted to call it in .NET console program:

var httpClient = new HttpClient();
var response = await httpClient.GetAsync("https://localhost:5001/WeatherForecast");

It raised an error:

System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.IO.IOException:  Received an unexpected EOF or 0 bytes from the transport stream.
   at System.Net.Security.SslStream.<FillHandshakeBufferAsync>g__InternalFillHandshakeBufferAsync|182_0[TIOAdapter](TIOAdapter adap, ValueTask`1 task, Int32 minSize)
   at System.Net.Security.SslStream.ReceiveBlobAsync[TIOAdapter](TIOAdapter adapter)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.SendAsyncCore(HttpRequestMessage request, HttpCompletionOption completionOption, Boolean async, Boolean emitTelemetryStartStop, CancellationToken cancellationToken)
   at Client.Program.Main(String[] args) in /home/snowind/Tests/OpenIdDemo/Client/Program.cs:line 13

And when I use curl to visit https://localhost:5001/WeatherForecast it returned curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:5001.

How to solve it?

Thank you for providing a solution to this very annoying problem of setting up local dev certs - Microsoft has really dropped the ball by not considering linux in their dev-certs cli. Microsoft support referred me to your script in-fact...

I am trying to run this on Ubuntu 22.04 and .NET 7 SDK.
The script executes fine and installs the certificate.

However, if I open a .net hosted site, I get a untrusted certificate warning in Chromium (snap) and Brave (also snap). I know it is the localhost cert is being used because of the dates.

Also, service-to-service SSL Handshake also fails with the following error...

[13:33:45 DBG] Failed to authenticate HTTPS connection.
System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
 ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.
 ---> Interop+Crypto+OpenSslCryptographicException: error:0A000416:SSL routines::sslv3 alert certificate unknown
   --- End of inner exception stack trace ---
   at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, ReadOnlySpan``1 input, Byte[]& sendBuf, Int32& sendCount)
   at System.Net.Security.SslStreamPal.HandshakeInternal(SafeDeleteSslContext& context, ReadOnlySpan``1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions, SelectClientCertificate clientCertificateSelectionCallback)
   --- End of inner exception stack trace ---
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware.OnConnectionAsync(ConnectionContext context)

I think it is because when I try to verify the certificate using OpenSSL, I get an error:

openssl verify /etc/ssl/certs/dotnet-devcert.pem

CN = localhost
error 18 at 0 depth lookup: self-signed certificate
error /etc/ssl/certs/dotnet-devcert.pem: verification failed

Any ideas or advice?

Hi, I think this just needs to be added to the prerequisites. Version 3.1 of dotnet dev-certs https doesn't support the --import option as best I can tell.

This is not an issue, just to says thanks for sharing this. I'm a long term Windows developer and have decided to give Linux a go with .NET 5. As a trial, I'm developing on a Raspberry Pi 400 and can confirm the script works perfectly on Raspberry Pi OS. Thanks once again.

Hello, I have been trying to use this script to generate a valid self-signed certificate for my code-server container which is Ubuntu based (by linuxserver) and it runs just fine, with no errors. I can also see the .pem file in /etc/ssl/certs/ and .crt file in /usr/local/share/ca-certificates. Running "openssl verify dotnet-devcert.crt" tells me that certificate is OK too. When I try to run debug, however, I am getting this error:

Exception has occurred: CLR/System.NotSupportedException
An unhandled exception of type 'System.NotSupportedException' occurred in System.Net.Security.dll: 'The server mode SSL must use a certificate with the associated private key.'
   at System.Net.Security.SslStreamCertificateContext.Create(X509Certificate2 target, X509Certificate2Collection additionalCertificates, Boolean offline, SslCertificateTrust trust)
   at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware..ctor(ConnectionDelegate next, HttpsConnectionAdapterOptions options, ILoggerFactory loggerFactory)
   at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.<>c__DisplayClass12_0.<UseHttps>b__0(ConnectionDelegate next)
   at Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions.Build()
   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.<>c__DisplayClass30_0`1.<<StartAsync>g__OnBind|0>d.MoveNext()
--- End of stack trace from previous location ---

Could you please advice?

This is not an issue.

I tried to figure out a way to message you directly within github... couldn't find that way.

thank you very much for creating this script!

It work very well before but now after upgrading to 22.04 I got issue like below when running app

However, the chrome still detect https OK for the service. Just error when calling this https service (authen) from another service (Microservices)

I rerun your script, delete https file, even reinstall dotnet. But still doesn't work

: requestId: 0HMT1N9A3RC2T:00000005, previousRequestId: no previous request id, message: Error Code: ConnectionToDownstreamServiceError Message: Error connecting to downstream service, exception: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot
at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
--- End of inner exception stack trace ---

PS /home/xxx> sudo dotnet dev-certs https --check --verbose

Welcome to .NET 7.0!

SDK Version: 7.0.400
[1] Listing certificates from CurrentUser\My
[2] Found certificates: 1 certificate
1) 530F28819E601A593EE90993E697E7540C150AC9 - CN=localhost - Valid from 2023-05-30 12:06:30Z to 2024-05-29 12:06:30Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[3] Checking certificates validity
[4] Valid certificates: 1 certificate
1) 530F28819E601A593EE90993E697E7540C150AC9 - CN=localhost - Valid from 2023-05-30 12:06:30Z to 2024-05-29 12:06:30Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[5] Invalid certificates: no certificates
[6] Finished listing certificates.
A valid certificate was found: 530F28819E601A593EE90993E697E7540C150AC9 - CN=localhost - Valid from 2023-05-30 12:06:30Z to 2024-05-29 12:06:30Z - IsHttpsDevelopmentCertificate: true - IsExportable: true

The script working fine in Chrome but when communicating service to service (calling an Identity service). Getting this error please suggest, I am using the script provided repository as self-signed certificates.

My system Ubuntu 20, ASPNET Core 5 and IdentityServcer4

System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'.
---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'System.String'.
---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot
at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.SendAsyncCore(HttpRequestMessage request, HttpCompletionOption completionOption, Boolean async, Boolean emitTelemetryStartStop, CancellationToken cancellationToken)
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.ConfigurationManager1.GetConfigurationAsync(CancellationToken cancel) --- End of inner exception stack trace --- at Microsoft.IdentityModel.Protocols.ConfigurationManager1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

HEADERS

Connection: keep-alive
Accept: /
Accept-Encoding: gzip, deflate, br
Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IkQ4ODA4MUYxQ0IzMDE5OTgzQUI1MUI2RTgzRTg2Qjc4IiwidHlwIjoiYXQrand0In0.eyJuYmYiOjE2MjQ3NzQzMzQsImV4cCI6MTYyNDc3NzkzNCwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMyIsImNsaWVudF9pZCI6InBvc3RtYW4iLCJzdWIiOiIwODQwNTJlNS0xMTE0LTQ1MDQtYTA3Ny1lNzBlOTM3ZDAyZDQiLCJhdXRoX3RpbWUiOjE2MjQ3NzQzMzIsImlkcCI6ImxvY2FsIiwianRpIjoiNUVGMjNGQzI1MzVEQzJDRDNGRkQwQkQ3NTBFMkQ3QjkiLCJzaWQiOiI1MjREQzk2MTA0M0VCM0JGMTg0QUE5NjI0RTc5NEMzRCIsImlhdCI6MTYyNDc3NDMzNCwic2NvcGUiOlsib3BlbmlkIiwicHJvZmlsZSJdLCJhbXIiOlsicHdkIl19.sT2dCuwzBrs2B42-WGeiF56e24HWtHe6OHsd9xvAJSZvL3MB06dqW-32R_HQmhOYLQOBv6XRuJbPYT7mxtr1OdsG8PSCygrwi-ZAtEHBX9AjBju6QpJXieHWaXaLKqJzfKFC8llxmlvIFu0vsw-bl7QL09GrssP5OWLHSd6GX-hS8CrOzCt1JJ9rmCS_52rs2E8sN6cQ69y-sGBPjBEs6GySQJ1FJCBRcyjHM1X4-mcH5vbpr2F7rFc2Jv9qNtdmHKEeqhy4jzSaJKi-CpizoLzM4pLoL-UonLJGghDlBuu_1lkPobxROHMs2yWMVngXmqLww-QjycePJgrBHP7C1w
Host: localhost:5001
User-Agent: PostmanRuntime/7.28.0
Postman-Token: 2be93479-50ab-4f5e-8e9b-1e6445ee96bf

Hello

I'm not sure if some instructions are missing in the README, but when I run the script, I get:

~/code/create-dotnet-devcert/scripts main ❯ ./arch-create-dotnet-devcert.sh    
....+...+...+....+......+........+.........+...+....+++++++++++++++++++++++++++++++++++++++*.+..............+.+..+....+......+..+......+.........+......+.......+...+.....+....+........+...............+...+..........+..+.........+....+......+...+++++++++++++++++++++++++++++++++++++++*..+.....+......+...+......+....+..+......+...+......+....+.........+..+......+....+.....+...+...+...+.......+..+......+.+.....+..................+......+.........+...+.......+......+.....+.........+................+.........+...+..+.......+.....+...+............+..........+...............+......+.....+...+......+...+...+.......+...........+.........+.+.....+.+...+...........+.......+.....+.......+............+..............+......+.+..+.+..+.........+...+.......+...............+...+..+.+........+............+...+.+........+..........+..+......+...+....+..+.+.....+............+.+.........+...+..+......+....+...+...............+.....+....+.....+.+..+......+.+.........+...........+.+..+.+.........+.....+...+....+......+...+......+...+..+...+.+....................+......+.+.....+...+.......+........+....+............+.....+......+..........+...+..+...+.+........+.+.....+......+....+.....+.+...+.....+...+....+..............................+...+................................+.+..+.+...............+..+...+............+.......+..+.........+....+........+.......+..+....+.........+..................+..+.+.....+.......+..+.++++++
.......+..+.+.....+.........+...+.........+.+........+++++++++++++++++++++++++++++++++++++++*.....+++++++++++++++++++++++++++++++++++++++*.......+....+....................+.......+...............+......+...+...........+.........+.......+...+.....+.+......+..............+.........+....+......+..+......................+...+...+...........+...+......+.........+.+..+....+......+.....+....+.........+..+.........+....+.........+........+...+...............+....+...+..+............+.+........+.+......+..+...+....+......+..............+...+...+.......+.......................+.......+.....+.+.................+....+...+..+.............+..................+...+..............+...+...+.......+..+.+...........+...+...............+.+..+....+...........+.........+.+.....+..........+..++++++
-----
Configuring nssdb for /home/j/.pki/nssdb
certutil: could not find certificate named "dotnet-devcert": SEC_ERROR_INVALID_ARGS: security library: invalid arguments.
HTTPS development certificates successfully removed from the machine.
The certificate was successfully imported.

At the bottom it says the cert was successfully imported, but two lines before that, it says there was a certutil error.

Is this normal? Should I just ignore that error?