How would I be able to configure my own certificate as the "default" used by Kestrel when running local ASP.NET core apps on Linux?
I know that I can run the dotnet dev-certs https
command to generate a new development certificate, but that will generate a new self-signed certificate. I don't want to have to trust this certificate - I already have my own local CA for development and would like to sign a cert for use by ASP.NET core.
I also know that you can configure the cert Kestrel uses within my app code (https://devblogs.microsoft.com/aspnet/configuring-https-in-asp-net-core-across-different-platforms/), but I don't believe this should be part of the application. It's my personal preference to use my own CA-signed cert locally, and I don't want to force other developers to manage their own certificates if they're happy trusting the auto-generated cert.
I have tried dropping a certificate into the local "My" certificate store where the self-signed development cert gets created (~/.dotnet/corefx/cryptography/x509stores/my/
), but it doesn't get used - I get the error that happens when you don't have a cert at all:
crit: Microsoft.AspNetCore.Server.Kestrel[0] Unable to start Kestrel. System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
Is it possible to configure my own certificate, or am I forced to use the one generated by dotnet core?
See Question&Answers more detail:os