Comments (3)

sarvasana commented on June 16, 2024

EDIT:
Been a while since I checked this repo.
It turns out the script is already multi-distro.
You might be having a different problem.


Hey,

I am on Arch-based distros and adjusted this script to my needs some time ago.
Maybe @BorisWilhelms can use what I paste below to end up with a script that works for both Debian and Arch-based distros.


```bash
#!/usr/bin/env bash
# Work directory for the generated key, certificate and PFX (removed at the end)
TMP_PATH=/var/tmp/localhost-dev-cert

if [ ! -d "$TMP_PATH" ]; then
    mkdir "$TMP_PATH"
fi

KEYFILE=$TMP_PATH/dotnet-devcert.key
CRTFILE=$TMP_PATH/dotnet-devcert.crt
PFXFILE=$TMP_PATH/dotnet-devcert.pfx

# NSS databases (used by Chromium-based browsers) that should trust the certificate
NSSDB_PATHS=(
    "$HOME/.pki/nssdb"
#    "$HOME/snap/chromium/current/.pki/nssdb"
#    "$HOME/snap/postman/current/.pki/nssdb"
)

CONF_PATH=$TMP_PATH/localhost.conf

# Overwrite rather than append, so a config left over from an aborted run is not duplicated
cat > "$CONF_PATH" <<EOF
[req]
prompt                  = no
default_bits            = 2048
distinguished_name      = subject
req_extensions          = req_ext
x509_extensions         = x509_ext

[ subject ]
commonName              = localhost

[req_ext]
basicConstraints        = critical, CA:true
subjectAltName          = @alt_names

[x509_ext]
basicConstraints        = critical, CA:true
keyUsage                = critical, keyCertSign, cRLSign, digitalSignature,keyEncipherment
extendedKeyUsage        = critical, serverAuth
subjectAltName          = critical, @alt_names
1.3.6.1.4.1.311.84.1.1  = ASN1:UTF8String:ASP.NET Core HTTPS development certificate # Needed to get it imported by dotnet dev-certs

[alt_names]
DNS.1                   = localhost
EOF

# Replace any existing dotnet-devcert entry in the given NSS database
function configure_nssdb() {
    echo "Configuring nssdb for $1"
    certutil -d "sql:$1" -D -n dotnet-devcert
    certutil -d "sql:$1" -A -t "CP,," -n dotnet-devcert -i "$CRTFILE"
}

# Self-signed certificate with an unencrypted key, then a PFX with an empty password
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout "$KEYFILE" -out "$CRTFILE" -config "$CONF_PATH" --passout pass:
openssl pkcs12 -export -out "$PFXFILE" -inkey "$KEYFILE" -in "$CRTFILE" --passout pass:

for NSSDB in "${NSSDB_PATHS[@]}"; do
    if [ -d "$NSSDB" ]; then
        configure_nssdb "$NSSDB"
    fi
done

#sudo rm /etc/ssl/certs/dotnet-devcert.pem
#sudo cp $CRTFILE "/usr/local/share/ca-certificates"
# Arch: install the certificate as a system trust anchor
sudo cp "$CRTFILE" /etc/ca-certificates/trust-source/anchors
sudo trust extract-compat

dotnet dev-certs https --clean --import "$PFXFILE" -p ""

#sudo cp /var/tmp/localhost-dev-cert/dotnet-devcert.crt /etc/ca-certificates/trust-source/anchors
rm -R "$TMP_PATH"
```

from create-dotnet-devcert.
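
The script above keeps an unencrypted key, and the certificate it later installs as a system trust anchor, under a fixed path in `/var/tmp`, a directory shared by all local users. The following is an added example, not part of the posted script or the project: it creates an unpredictable owner-only work directory and checks ownership and mode before use; the function names `is_private_dir` and `make_workdir` and the `dotnet-devcert.XXXXXX` template are assumptions, and `stat -c` assumes GNU coreutils.

```shell
# Added example (not from the posted script). Function names are assumptions.

# Return 0 only if $1 is a real directory (not a symlink), owned by the
# current user, with no permission bits set for group or others.
is_private_dir() {
    [ -d "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1   # GNU stat: octal mode, e.g. 700
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Create a fresh work directory with a random suffix under $1
# (default /var/tmp, as in the script) and print its path.
make_workdir() {
    base=${1:-/var/tmp}
    # The subshell keeps the restrictive umask from leaking into the caller.
    dir=$(umask 077; mktemp -d "$base/dotnet-devcert.XXXXXX") || return 1
    # Verify before any key material is written into the directory.
    is_private_dir "$dir" || { rmdir "$dir"; return 1; }
    printf '%s\n' "$dir"
}

# How the script could use it in place of the fixed TMP_PATH and final rm -R:
#   TMP_PATH=$(make_workdir) || exit 1
#   trap 'rm -rf "$TMP_PATH"' EXIT
```
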

uheee commented on June 16, 2024

It does not work for me. Is it because curl and .NET HttpClient do not recognize PKCS11 certificates?

BorisWilhelms commented on June 16, 2024

I cannot reproduce this issue. Since this issue is quite old, I will close it. Feel free to open a new issue if you have any problems.