Aspnetcore.docs: Create a page describing how to setup HTTPS

Created on 4 May 2017 · 6 Comments · Source: dotnet/AspNetCore.Docs

  • How to create the certificate cross platform?
  • How to configure Kestrel to use that certificate in production/development?
  • How to make sure that certificate is trusted by the browser during development (like we do with the IIS Express certificate)?
  • Provide URL for fwlink

Skype meeting with Dan and Javier on outline

javiercn to review.

  • [ ] provide URL for .NET Core CLI fwlink that tells how to trust cert, how to set up HTTPS go here See 2:40 in video see #5393

Edit:
This needs to go in Enforce HTTPS in an ASP.NET Core
The first time you run dotnet after installing the SDK you get this message:

    Successfully installed the ASP.NET Core HTTPS Development Certificate.
    To trust the certificate run 'dotnet dev-certs https --trust' (Windows and macOS only). For establishing trust on other platforms please refer to the platform specific documentation.
    For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.

P1 PU doc-enhancement

All 6 comments

@Rick-Anderson edit: Copied this to new issue #6199

We also need to cover how to set up the dev certificate when using Docker in development:

  • Create an application in Visual Studio using the MVC template.
  • Run the app to ensure it's working.
  • Add Docker support for the application through the tooling.
  • Modify the Dockerfile to expose port 443 with
    EXPOSE 443
  • Modify the docker-compose override file to map ports, volumes and environment variables as follows (this will all be unnecessary after Docker tooling has support for HTTPS):
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://localhost;http://localhost
      - ASPNETCORE_HTTPS_PORT=44349
    ports:
      # Replace the values on the left by the values on your launchSettings.json
      - "51217:80"
      - "44349:443"
    volumes:
      - ${APPDATA}/Microsoft/UserSecrets/:/root/.microsoft/usersecrets
      - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https/
  • Export the HTTPS certificate into a PFX file using the dev-certs global tool to %APPDATA%/ASP.NET/Https/<>.pfx using a password of your choice (recommended password: New-Guid in PowerShell).
  • On your project, open user secrets and add the following configuration keys:
    {
        "Kestrel": {
            "Certificates": {
                "Default": {
                    "Path": "/root/.aspnet/https/<<AppName>>.pfx",
                    "Password": "<<Your-Password>>"
                }
            }
        }
    }
  • Run your application within the container.
  • Navigate to the HTTP endpoint on your application.

    • You should not see any warning about the HTTPS certificate being invalid.

    • You should be redirected to the HTTPS endpoint automatically.
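
The export and user-secrets steps from the comment above, scripted in PowerShell as an added example (not part of the original comment or of the ASP.NET Core docs). `MyWebApp`, `$AppName` and `$ProjectDir` are placeholders; it assumes the .NET Core SDK's `dotnet dev-certs` and `dotnet user-secrets` commands are available and that the project already has a UserSecretsId.

```powershell
# Added example: export the ASP.NET Core dev certificate for use in a container
# and record its container path and password in the project's user secrets.
# Assumptions: $AppName and $ProjectDir are placeholders; the project already
# has a UserSecretsId (e.g. created via "Manage User Secrets" in Visual Studio).
param(
    [string]$AppName    = 'MyWebApp',          # placeholder application name
    [string]$ProjectDir = (Get-Location).Path  # folder containing the .csproj
)
$ErrorActionPreference = 'Stop'

# Host folder that the compose file mounts at /root/.aspnet/https/ in the container.
$httpsDir = Join-Path $env:APPDATA 'ASP.NET\Https'
New-Item -ItemType Directory -Path $httpsDir -Force | Out-Null
$pfxPath  = Join-Path $httpsDir "$AppName.pfx"

# Random password per export, as the comment recommends (New-Guid).
$password = (New-Guid).ToString()

# Export the development certificate, private key included, as a PFX.
dotnet dev-certs https -ep $pfxPath -p $password
if ($LASTEXITCODE -ne 0) { throw "dotnet dev-certs failed with exit code $LASTEXITCODE" }

# Check the export before wiring it up: it must open with the password,
# carry a private key, and not be expired.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxPath, $password)
try {
    if (-not $cert.HasPrivateKey)      { throw "PFX at $pfxPath has no private key" }
    if ($cert.NotAfter -lt (Get-Date)) { throw "Dev certificate expired on $($cert.NotAfter)" }
    Write-Host "Exported $($cert.Subject), valid until $($cert.NotAfter)"
} finally {
    $cert.Dispose()
}

# Kestrel reads these keys inside the container, so Path is the container path.
$secrets = @{
    'Kestrel:Certificates:Default:Path'     = "/root/.aspnet/https/$AppName.pfx"
    'Kestrel:Certificates:Default:Password' = $password
}
foreach ($key in $secrets.Keys) {
    # Out-Null keeps the tool from echoing the saved password to the console.
    dotnet user-secrets set $key $secrets[$key] --project $ProjectDir | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "dotnet user-secrets failed for $key" }
}
```

The password exists only in the user-secrets store and the PFX stays outside the source tree, so neither ends up in the repository or the image; both reach the container through the two volume mounts in the compose override.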

@richlander did a great job covering this for the Docker images and samples, so you should definitely reuse his doc and expand a bit on it. https://github.com/dotnet/dotnet-docker/pull/545/files

Per @javiercn
We need to have a doc on how to do it with the tool and also how to do it manually in a platform idiomatic way on each platform.

  • PowerShell/trust cert store in Windows
  • openssl/keychain on OSX
  • openssl/<> on Linux (At least Ubuntu, RedHat if possible)

@scottaddie can you put this on your priority list?

@Rick-Anderson I have some more eBook work to do today, but I can look at it next week.

I describe how to set up a base Docker image for dotnet core 2.2 with HTTPS & HTTP/2 (as well as Brotli) here - https://medium.com/@ma1f/docker-dotnet-3d979f56efe6
Key environment settings are as follows - no need to set up a listener in startup with ports etc.

    ENV Kestrel:Certificates:Default:Path=/etc/ssl/private/cert.pfx
    ENV Kestrel:Certificates:Default:Password=changeit
    ENV Kestrel:Certificates:Default:AllowInvalid=true
    ENV Kestrel:EndPointDefaults:Protocols=Http1AndHttp2