I have a very basic self-hosted .NET core 2.1 application with the following configuration:
public class Program
{
public static void Main(string[] args)
{
var host = new WebHostBuilder()
.UseKestrel()
.UseContentRoot(Directory.GetCurrentDirectory())
.UseStartup<Startup>()
.Build();
host.Run();
}
}
and very typical simple controller as follows:
[Route("api/[controller]")]
[ApiController]
public class ValuesController : ControllerBase
{
// GET api/values
[HttpGet]
public ActionResult<IEnumerable<string>> Get()
{
return new string[] { "value1", "value2" };
}
// GET api/values/5
[HttpGet("{id}")]
public ActionResult<string> Get(int id)
{
return "value";
}
// POST api/values
[HttpPost]
public void Post([FromBody] string value)
{
}
// PUT api/values/5
[HttpPut("{id}")]
public void Put(int id, [FromBody] string value)
{
}
// DELETE api/values/5
[HttpDelete("{id}")]
public void Delete(int id)
{
}
}
This application works pretty fine when I test it and navigate to my HTTPS local endpoint port (44325 in my case):
https://localhost:44325/api/values
All good so far. Now I want to figure out where the certificate for this HTTPS connection is coming from since I am not using IIS Express and indeed the certificate doesn't belong to IIS Express:
I cant find above certificate in my certificate store when I search for its thumbprint. How does this certificate gets generated? Where can I find it? why does this certificate work in Edge and chrome but in Firefox its not trusted? is it generated on the fly?
My launch setting is as follows:
{
"$schema": "http://json.schemastore.org/launchsettings.json",
"iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:55894",
"sslPort": 44325
}
},
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"launchUrl": "api/values",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"Experimental1": {
"commandName": "Project",
"launchBrowser": true,
"launchUrl": "api/values",
"applicationUrl": "https://localhost:44325;http://localhost:55894",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
}
}
}
I am using the Experimental1 profile not the IIS Express and I see my little console when I run the application.
How does this certificate gets generated?
The .NET Core SDK generates the certificate the first time we run dotnet new
See https://blogs.msdn.microsoft.com/webdev/2018/02/27/asp-net-core-2-1-https-improvements/
Where can I find it?
The SDK installs the ASP.NET Core HTTPS Development Certificate into the local user certificate store.
localhost
why does this certificate work in Edge and chrome but in Firefox its not trusted?
Indeed. Even after running dotnet dev-certs https --trust
, Firefox does not trust the certificate and complains that, "The certificate is not trusted because it is self-signed."
It might simply be that Firefox no longer trusts self-signed certificates. My workaround is to add a security exception.