Runtime: HTTPS on macOS does not work running from the default ASP.NET Core Web App (MVC) template

Created on 13 Aug 2018 · 61 Comments · Source: dotnet/runtime

_From @Sankra on August 10, 2018 9:1_

Is this a Bug or Feature request?:

Bug, HTTPS should work under development also on macOS.

Steps to reproduce (preferably a link to a GitHub repo with a repro project):

Run the following project on macOS: https://github.com/Sankra/HttpsMacOSFails

Description of the problem:

  1. Downloaded the newest Visual Studio for Mac (7.5.4 Build 3) on macOS 10.13.6.
  2. Created a new web app using the default template ASP.NET Core Web App (MVC) on .NET Core 2.1.
  3. Tried to run the app, both using dotnet run and the debug command in VS for Mac. Requests over HTTPS to https://localhost:5001 fail with the stack trace below.

Regular http works.

Version of Microsoft.AspNetCore.Mvc or Microsoft.AspNetCore.App or Microsoft.AspNetCore.All:

Microsoft.AspNetCore.App 2.1.1

Stack Trace

Hosting environment: Development
Content root path: /Users/sankra/projects/HttpsMacOSFails/HttpsMacOSFails
Now listening on: https://localhost:5001
Application started. Press Ctrl+C to shut down.
Loaded '/usr/local/share/dotnet/shared/Microsoft.NETCore.App/2.1.1/System.Threading.ThreadPool.dll'. Module was built without symbols.
Loaded '/usr/local/share/dotnet/shared/Microsoft.NETCore.App/2.1.1/System.Net.Security.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
Loaded '/usr/local/share/dotnet/shared/Microsoft.NETCore.App/2.1.1/System.Diagnostics.StackTrace.dll'. Module was built without symbols.
Loaded '/usr/local/share/dotnet/shared/Microsoft.NETCore.App/2.1.1/System.Reflection.Metadata.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
dbug: HttpsConnectionAdapter[1]
Failed to authenticate HTTPS connection.
System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.<AuthenticateAsServerAsync>b__51_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context)
HttpsConnectionAdapter:Debug: Failed to authenticate HTTPS connection.

System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.<AuthenticateAsServerAsync>b__51_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context)
dbug: HttpsConnectionAdapter[1]
Failed to authenticate HTTPS connection.
System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Interop+AppleCrypto+SslException: Internal error
--- End of inner exception stack trace ---
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.<AuthenticateAsServerAsync>b__51_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context)
HttpsConnectionAdapter:Debug: Failed to authenticate HTTPS connection.

System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Interop+AppleCrypto+SslException: Internal error
--- End of inner exception stack trace ---
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.<AuthenticateAsServerAsync>b__51_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context)
Loaded '/usr/local/share/dotnet/shared/Microsoft.NETCore.App/2.1.1/Microsoft.Win32.Primitives.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
dbug: HttpsConnectionAdapter[1]
Failed to authenticate HTTPS connection.
System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Interop+AppleCrypto+SslException: Internal error
--- End of inner exception stack trace ---
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.<AuthenticateAsServerAsync>b__51_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context)
HttpsConnectionAdapter:Debug: Failed to authenticate HTTPS connection.

System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Interop+AppleCrypto+SslException: Internal error
--- End of inner exception stack trace ---
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.<AuthenticateAsServerAsync>b__51_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context)
dbug: HttpsConnectionAdapter[1]
Failed to authenticate HTTPS connection.
System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Interop+AppleCrypto+SslException: Cipher Suite negotiation failure
--- End of inner exception stack trace ---
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.<AuthenticateAsServerAsync>b__51_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context)
HttpsConnectionAdapter:Debug: Failed to authenticate HTTPS connection.

System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Interop+AppleCrypto+SslException: Cipher Suite negotiation failure
--- End of inner exception stack trace ---
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.<AuthenticateAsServerAsync>b__51_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context)

_Copied from original issue: aspnet/Mvc#8251_

area-System.Net.Security os-mac-os-x

All 61 comments

_From @mkArtakMSFT on August 10, 2018 16:59_

Thanks for contacting us, @Sankra.
@Tratcher, can you please look into this? Thanks!

What was the error in the browser? These errors in the server are expected if the client does not trust the server's certificate and aborts the connection. See https://blogs.msdn.microsoft.com/webdev/2018/02/27/asp-net-core-2-1-https-improvements/ for trust.

_From @Sankra on August 10, 2018 17:23_

Tried running the trust command again, but it said the cert was already trusted:

Runars-DIPS-MacBook-Pro:~ sankra$ dotnet dev-certs https --trust
Trusting the HTTPS development certificate was requested. If the certificate is not already trusted we will run the following command:
'sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain <<certificate>>'
This command might prompt you for your password to install the certificate on the system keychain.
A valid HTTPS certificate is already present.

Here are the screenshots of various browsers trying to access the default site:

Safari: [screenshot]

Chrome: [screenshot]

Firefox: [screenshot]

Interesting. I just noticed that last error "Cipher Suite negotiation failure".

I found another report of this error at https://developercommunity.visualstudio.com/content/problem/297841/kestrel-failed-to-authenticate-https-connection-on.html

@davidsh have you seen this with SslStream on Mac?

_From @davidsh on August 13, 2018 20:29_

> @davidsh have you seen this with SslStream on Mac?

No, I haven't seen this.

This is an issue for me as well. My colleague with virtually identical setup does not have this issue so it seems to be something with my machine's configuration. Any clues on where to look next?

The reproduction path is simple:

mkdir test
cd test
dotnet new mvc
code .

Then debug through Visual Studio Code 1.27.0 and the same error occurs (or dotnet run). I have tried various things to trust my dev certificate but can't figure out the magic key combination.

cc: @wfurt

I just did this @richardpineo and it works for me. I did dotnet dev-certs https and dotnet dev-certs https --trust.

I think there is a possibility that you have some conflicting certificate for localhost from the past.
I would suggest running "Keychain Access", looking for any localhost certificates/keys, removing them and repeating the steps. Look in both the Login and System keychains. When connecting with a browser, you can also check if the expiration and signature look right. You should see a freshly generated certificate.

@wfurt Woohoo - that did it, thanks. I had deleted the localhost certificate in the system section, but not in the login. Really appreciate the quick help.

I'm glad it worked @richardpineo. Can you please give it a try as well @sankra?
It seems like it may be key pollution rather than something we would fix as a bug.
(and yes, one could argue we may improve code establishing the trust)

Excellent @wfurt, removing existing cert using Keychain Access and regenerating made the problem disappear. Thanks for your help 👍

Same problem here. Solved using:
sudo dotnet dev-certs https --clean
and then:
dotnet dev-certs https

The solution of deleting the certificates in the keychain and regenerating them does not work for me.

Neither does using the command line tool to clear the certificates and regenerate them.

ProductName:    Mac OS X
ProductVersion: 10.13.6
BuildVersion:   17G65
Runtime Environment:
 OS Name:     Mac OS X
 OS Version:  10.13
 OS Platform: Darwin
 RID:         osx.10.13-x64
 Base Path:   /usr/local/share/dotnet/sdk/2.1.402/

Host (useful for support):
  Version: 2.1.4
  Commit:  85255dde3e

.NET Core SDKs installed:
  2.1.402 [/usr/local/share/dotnet/sdk]

.NET Core runtimes installed:
  Microsoft.AspNetCore.All 2.1.4 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.All]
  Microsoft.AspNetCore.App 2.1.4 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.NETCore.App 2.1.4 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]

If I run the default generated .NET Core WebAPI project I get the following

It loads OK

Using launch settings from /Users/Rad/tempo/Properties/launchSettings.json...
info: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[0]
      User profile is available. Using '/Users/Rad/.aspnet/DataProtection-Keys' as key repository; keys will not be encrypted at rest.
Hosting environment: Development
Content root path: /Users/Rad/tempo
Now listening on: https://localhost:5001
Now listening on: http://localhost:5000

But if I hit the HTTPS endpoint ...

dbug: HttpsConnectionAdapter[1]
      Failed to authenticate HTTPS connection.
System.IO.IOException: The handshake failed due to an unexpected packet format.
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Security.SslState.ThrowIfExceptional()
   at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsServerAsync>b__51_1(IAsyncResult iar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context)
dbug: HttpsConnectionAdapter[1]
      Failed to authenticate HTTPS connection.
System.IO.IOException: The handshake failed due to an unexpected packet format.
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.BeginAuthenticateAsServer(SslServerAuthenticationOptions sslServerAuthenticationOptions, CancellationToken cancellationToken, AsyncCallback asyncCallback, Object asyncState)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsServerAsync>b__51_0(SslServerAuthenticationOptions arg1, CancellationToken arg2, AsyncCallback callback, Object state)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncImpl[TArg1,TArg2](Func`5 beginMethod, Func`2 endFunction, Action`1 endAction, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions)
   at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func`5 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions)
   at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func`5 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, Object state)
   at System.Net.Security.SslStream.AuthenticateAsServerAsync(SslServerAuthenticationOptions sslServerAuthenticationOptions, CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context)

System.IO.IOException: The handshake failed due to an unexpected packet format.

That is a very different error. Can you please post a packet capture? Wireshark or sudo tcpdump -eni lo0 port 5001

Did you try to access it either with Safari or curl?

Hi @wfurt, I am getting the same problem.

: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[0]
      User profile is available. Using '/Users/ian/.aspnet/DataProtection-Keys' as key repository; keys will not be encrypted at rest.
Hosting environment: Development
Content root path: /Users/ian/Development/Personal/dotNet/MyNewTest/MyNewTest
Now listening on: https://localhost:5001
Now listening on: http://localhost:5000
Application started. Press Ctrl+C to shut down.
dbug: HttpsConnectionAdapter[1]
      Failed to authenticate HTTPS connection.
System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Security.SslState.ThrowIfExceptional()
   at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)

Here is the tcpdump

13:27:50.577790 AF IPv6 (30), length 76: ::1.5001 > ::1.60680: Flags [F.], seq 129, ack 490, win 6332, options [nop,nop,TS val 130702995 ecr 130687426], length 0
13:27:50.577830 AF IPv6 (30), length 76: ::1.60680 > ::1.5001: Flags [.], ack 130, win 6343, options [nop,nop,TS val 130702995 ecr 130702995], length 0
13:27:54.286618 AF IPv4 (2), length 68: 127.0.0.1.60715 > 127.0.0.1.5001: Flags [S], seq 2058938322, win 65535, options [mss 16344,nop,wscale 6,nop,nop,TS val 130706671 ecr 0,sackOK,eol], length 0
13:27:54.286641 AF IPv4 (2), length 44: 127.0.0.1.5001 > 127.0.0.1.60715: Flags [R.], seq 0, ack 2058938323, win 0, length 0
13:27:54.788395 AF IPv4 (2), length 68: 127.0.0.1.60716 > 127.0.0.1.5001: Flags [S], seq 903232021, win 65535, options [mss 16344,nop,wscale 6,nop,nop,TS val 130707171 ecr 0,sackOK,eol], length 0
13:27:54.788416 AF IPv4 (2), length 44: 127.0.0.1.5001 > 127.0.0.1.60716: Flags [R.], seq 0, ack 903232022, win 0, length 0
13:27:55.293819 AF IPv4 (2), length 68: 127.0.0.1.60717 > 127.0.0.1.5001: Flags [S], seq 1884969780, win 65535, options [mss 16344,nop,wscale 6,nop,nop,TS val 130707670 ecr 0,sackOK,eol], length 0
13:27:55.293952 AF IPv4 (2), length 68: 127.0.0.1.5001 > 127.0.0.1.60717: Flags [S.], seq 3606432403, ack 1884969781, win 65535, options [mss 16344,nop,wscale 6,nop,nop,TS val 130707670 ecr 130707670,sackOK,eol], length 0
13:27:55.293970 AF IPv4 (2), length 56: 127.0.0.1.60717 > 127.0.0.1.5001: Flags [.], ack 1, win 6379, options [nop,nop,TS val 130707670 ecr 130707670], length 0
13:27:55.293990 AF IPv4 (2), length 56: 127.0.0.1.5001 > 127.0.0.1.60717: Flags [.], ack 1, win 6379, options [nop,nop,TS val 130707670 ecr 130707670], length 0
13:27:55.294075 AF IPv4 (2), length 56: 127.0.0.1.60717 > 127.0.0.1.5001: Flags [F.], seq 1, ack 1, win 6379, options [nop,nop,TS val 130707670 ecr 130707670], length 0
13:27:55.294103 AF IPv4 (2), length 56: 127.0.0.1.5001 > 127.0.0.1.60717: Flags [.], ack 2, win 6379, options [nop,nop,TS val 130707670 ecr 130707670], length 0
13:27:55.352916 AF IPv4 (2), length 56: 127.0.0.1.5001 > 127.0.0.1.60717: Flags [F.], seq 1, ack 2, win 6379, options [nop,nop,TS val 130707727 ecr 130707670], length 0
13:27:55.352968 AF IPv4 (2), length 56: 127.0.0.1.60717 > 127.0.0.1.5001: Flags [.], ack 2, win 6379, options [nop,nop,TS val 130707727 ecr 130707727], length 0
13:27:55.360392 AF IPv6 (30), length 76: ::1.60680 > ::1.5001: Flags [F.], seq 490, ack 130, win 6343, options [nop,nop,TS val 130707734 ecr 130702995], length 0
13:27:55.360448 AF IPv6 (30), length 76: ::1.5001 > ::1.60680: Flags [.], ack 491, win 6332, options [nop,nop,TS val 130707734 ecr 130707734], length 0
13:27:55.360580 AF IPv6 (30), length 88: ::1.60718 > ::1.5001: Flags [S], seq 3711393821, win 65535, options [mss 16324,nop,wscale 6,nop,nop,TS val 130707734 ecr 0,sackOK,eol], length 0
13:27:55.360674 AF IPv6 (30), length 88: ::1.5001 > ::1.60718: Flags [S.], seq 2866681611, ack 3711393822, win 65535, options [mss 16324,nop,wscale 6,nop,nop,TS val 130707734 ecr 130707734,sackOK,eol], length 0
13:27:55.360690 AF IPv6 (30), length 76: ::1.60718 > ::1.5001: Flags [.], ack 1, win 6371, options [nop,nop,TS val 130707734 ecr 130707734], length 0
13:27:55.360709 AF IPv6 (30), length 76: ::1.5001 > ::1.60718: Flags [.], ack 1, win 6371, options [nop,nop,TS val 130707734 ecr 130707734], length 0
13:27:55.361104 AF IPv6 (30), length 593: ::1.60718 > ::1.5001: Flags [P.], seq 1:518, ack 1, win 6371, options [nop,nop,TS val 130707734 ecr 130707734], length 517
13:27:55.361133 AF IPv6 (30), length 76: ::1.5001 > ::1.60718: Flags [.], ack 518, win 6363, options [nop,nop,TS val 130707734 ecr 130707734], length 0
13:27:55.440627 AF IPv6 (30), length 1359: ::1.5001 > ::1.60718: Flags [P.], seq 1:1284, ack 518, win 6363, options [nop,nop,TS val 130707812 ecr 130707734], length 1283
13:27:55.440668 AF IPv6 (30), length 76: ::1.60718 > ::1.5001: Flags [.], ack 1284, win 6351, options [nop,nop,TS val 130707812 ecr 130707812], length 0
13:27:55.441280 AF IPv6 (30), length 202: ::1.60718 > ::1.5001: Flags [P.], seq 518:644, ack 1284, win 6351, options [nop,nop,TS val 130707812 ecr 130707812], length 126
13:27:55.441313 AF IPv6 (30), length 76: ::1.5001 > ::1.60718: Flags [.], ack 644, win 6361, options [nop,nop,TS val 130707812 ecr 130707812], length 0
13:27:55.445002 AF IPv6 (30), length 127: ::1.5001 > ::1.60718: Flags [P.], seq 1284:1335, ack 644, win 6361, options [nop,nop,TS val 130707816 ecr 130707812], length 51
13:27:55.445040 AF IPv6 (30), length 76: ::1.60718 > ::1.5001: Flags [.], ack 1335, win 6351, options [nop,nop,TS val 130707816 ecr 130707816], length 0
13:27:55.445836 AF IPv6 (30), length 540: ::1.60718 > ::1.5001: Flags [P.], seq 644:1108, ack 1335, win 6351, options [nop,nop,TS val 130707816 ecr 130707816], length 464
13:27:55.445866 AF IPv6 (30), length 76: ::1.5001 > ::1.60718: Flags [.], ack 1108, win 6354, options [nop,nop,TS val 130707816 ecr 130707816], length 0
13:27:55.661678 AF IPv6 (30), length 204: ::1.5001 > ::1.60718: Flags [P.], seq 1335:1463, ack 1108, win 6354, options [nop,nop,TS val 130708031 ecr 130707816], length 128
13:27:55.661711 AF IPv6 (30), length 76: ::1.60718 > ::1.5001: Flags [.], ack 1463, win 6349, options [nop,nop,TS val 130708031 ecr 130708031], length 0
13:27:55.996634 AF IPv6 (30), length 88: ::1.60719 > ::1.5001: Flags [S], seq 1735990555, win 65535, options [mss 16324,nop,wscale 6,nop,nop,TS val 130708364 ecr 0,sackOK,eol], length 0
13:27:55.996767 AF IPv6 (30), length 88: ::1.5001 > ::1.60719: Flags [S.], seq 3230857279, ack 1735990556, win 65535, options [mss 16324,nop,wscale 6,nop,nop,TS val 130708364 ecr 130708364,sackOK,eol], length 0
13:27:55.996789 AF IPv6 (30), length 76: ::1.60719 > ::1.5001: Flags [.], ack 1, win 6371, options [nop,nop,TS val 130708364 ecr 130708364], length 0
13:27:55.996811 AF IPv6 (30), length 76: ::1.5001 > ::1.60719: Flags [.], ack 1, win 6371, options [nop,nop,TS val 130708364 ecr 130708364], length 0
13:27:55.996979 AF IPv6 (30), length 593: ::1.60719 > ::1.5001: Flags [P.], seq 1:518, ack 1, win 6371, options [nop,nop,TS val 130708364 ecr 130708364], length 517
13:27:55.997014 AF IPv6 (30), length 76: ::1.5001 > ::1.60719: Flags [.], ack 518, win 6363, options [nop,nop,TS val 130708364 ecr 130708364], length 0
13:27:56.025359 AF IPv6 (30), length 1359: ::1.5001 > ::1.60719: Flags [P.], seq 1:1284, ack 518, win 6363, options [nop,nop,TS val 130708391 ecr 130708364], length 1283
13:27:56.025402 AF IPv6 (30), length 76: ::1.60719 > ::1.5001: Flags [.], ack 1284, win 6351, options [nop,nop,TS val 130708391 ecr 130708391], length 0
13:27:56.026095 AF IPv6 (30), length 202: ::1.60719 > ::1.5001: Flags [P.], seq 518:644, ack 1284, win 6351, options [nop,nop,TS val 130708391 ecr 130708391], length 126
13:27:56.026133 AF IPv6 (30), length 76: ::1.5001 > ::1.60719: Flags [.], ack 644, win 6361, options [nop,nop,TS val 130708391 ecr 130708391], length 0
13:27:56.027431 AF IPv6 (30), length 127: ::1.5001 > ::1.60719: Flags [P.], seq 1284:1335, ack 644, win 6361, options [nop,nop,TS val 130708393 ecr 130708391], length 51
13:27:56.027471 AF IPv6 (30), length 76: ::1.60719 > ::1.5001: Flags [.], ack 1335, win 6351, options [nop,nop,TS val 130708393 ecr 130708393], length 0

I also tried to curl it

curl https://localhost:5001/api
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure.

To confirm, I did the following (on a mac - mac mojave)

sudo dotnet dev-certs https --clean

dotnet dev-certs https --trust

13:27:54.286618 AF IPv4 (2), length 68: 127.0.0.1.60715 > 127.0.0.1.5001: Flags [S], seq 058938322, win 65535, options [mss 16344,nop,wscale 6,nop,nop,TS val 130706671 ecr 0,sackOK,eol], length 0
13:27:54.286641 AF IPv4 (2), length 44: 127.0.0.1.5001 > 127.0.0.1.60715: Flags [R.], seq 0, ack 2058938323, win 0, length 0

It seems like the client cannot even establish TCP. After sending SYN, the server immediately resets the connection. That generally happens when you try to connect to a closed port or if the listening application immediately crashes (or throws an unhandled exception).

It is also interesting that the same sequence on IPv6 has different behavior. Can you post the actual pcap file @appsolutegeek? (-w on tcpdump)

Maybe @Tratcher can help with debugging server code.
Also make sure you have no other application (or old instance) using that port.
netstat -an| grep 500 would show you if anybody is listening on that port prior to running your app.

After running '--clean', did you check the keychain and verify that there is no 'localhost' certificate?

Issues with the server TLS parameters would trigger that kind of symptom. E.g. it connects, calls AuthenticateAsServerAsync, fails, and aborts the connection. I assume IPv4 is fine if you connect using http instead of https?
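The contrast discussed above (a SYN answered by an immediate RST on IPv4, a completed handshake on IPv6) can be read off a text capture mechanically. This is an added example, not code from the thread or from the .NET project; the function names are hypothetical and the sample lines are constructed in the format of the captures posted here.

```python
import re

# One line of `tcpdump -eni lo0` text output, in the format pasted in this thread.
LINE_RE = re.compile(
    r"^\S+ AF IPv[46] \(\d+\), length \d+: "
    r"(?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\]"
    r".*length (?P<payload>\d+)$"
)

# Constructed sample (TCP options omitted): one IPv4 attempt and one IPv6
# attempt against the same port, modelled on the behaviour seen in the thread.
SAMPLE_CAPTURE = """\
13:27:54.286618 AF IPv4 (2), length 68: 127.0.0.1.60715 > 127.0.0.1.5001: Flags [S], seq 100, win 65535, length 0
13:27:54.286641 AF IPv4 (2), length 44: 127.0.0.1.5001 > 127.0.0.1.60715: Flags [R.], seq 0, ack 101, win 0, length 0
13:27:55.996634 AF IPv6 (30), length 88: ::1.60719 > ::1.5001: Flags [S], seq 200, win 65535, length 0
13:27:55.996767 AF IPv6 (30), length 88: ::1.5001 > ::1.60719: Flags [S.], seq 300, ack 201, win 65535, length 0
13:27:55.996789 AF IPv6 (30), length 76: ::1.60719 > ::1.5001: Flags [.], ack 1, win 6371, length 0
13:27:55.996979 AF IPv6 (30), length 593: ::1.60719 > ::1.5001: Flags [P.], seq 1:518, ack 1, win 6371, length 517
13:27:56.025359 AF IPv6 (30), length 1359: ::1.5001 > ::1.60719: Flags [P.], seq 1:1284, ack 518, win 6363, length 1283
"""


def classify_flows(capture_text):
    """Return {(client, server): info} with the handshake outcome per TCP flow."""
    flows = {}
    for raw in capture_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner lines, blank lines, non-TCP output
        src, dst, flags = m["src"], m["dst"], m["flags"]
        payload = int(m["payload"])

        if flags == "S":  # bare SYN: the sender is the client
            flows[(src, dst)] = {"state": "syn_sent", "c2s": 0, "s2c": 0}
            continue

        key = (src, dst) if (src, dst) in flows else (dst, src)
        flow = flows.get(key)
        if flow is None:
            continue  # capture started mid-connection, no SYN seen
        from_client = key[0] == src

        if "R" in flags:
            # RST straight after the SYN: nothing accepted the connection.
            flow["state"] = "refused" if flow["state"] == "syn_sent" else "reset"
        elif flags == "S." and not from_client:
            flow["state"] = "syn_ack"
        elif from_client and flow["state"] == "syn_ack":
            flow["state"] = "established"  # client ACK completes the handshake

        flow["c2s" if from_client else "s2c"] += payload
    return flows


def outcome_by_server(flows):
    """Group handshake outcomes by server endpoint (address.port)."""
    result = {}
    for (_client, server), info in flows.items():
        result.setdefault(server, set()).add(info["state"])
    return result


if __name__ == "__main__":
    for server, states in sorted(outcome_by_server(classify_flows(SAMPLE_CAPTURE)).items()):
        print(server, sorted(states))
```

A flow that ends up `refused` never reached the application, so it cannot be a certificate or TLS problem; an `established` flow with payload in both directions is where the handshake errors should be looked for.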

Thanks, guys for the help here.

Here is the netstat command

netstat -an| grep 500
tcp6       0      0  *.61500                *.*                    LISTEN
tcp4       0      0  *.61500                *.*                    LISTEN
fff8c8fc96847085 stream      0      0                0 fff8c8fc9684827d                0                0 /private/tmp/835500b9-549b-435d-b444-97db8935fd88
fff8c8fc86bbf3a5 stream      0      0 fff8c8fc87bed1c5                0                0                0 /private/tmp/835500b9-549b-435d-b444-97db8935fd88

The syntax should be sudo tcpdump -w foo.pcap -eni lo0 port 5001
When you do ^C, it will write data to foo.pcap. Please post that file.

As far as the netstat, it looks ok. I was wondering if there would be something lingering on port 5000.

@wfurt sorry, here is the file with the syntax you asked for

Also confirmed, when I did a clean and checked the keychain - there were 0 localhost

I think did the --trust and 2 x localhost appeared in the keychain

Here is small example of the console output

dbug: HttpsConnectionAdapter[1]
      Failed to authenticate HTTPS connection.
System.IO.IOException: The handshake failed due to an unexpected packet format.
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Security.SslState.ThrowIfExceptional()
   at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsServerAsync>b__51_1(IAsyncResult iar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context)
dbug: HttpsConnectionAdapter[1]
      Failed to authenticate HTTPS connection.
System.IO.IOException: The handshake failed due to an unexpected packet format.
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Security.SslState.ThrowIfExceptional()
   at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)

If I can provide anything more then please let me know.

With regard to using http vs https: I haven't changed anything. It seems to want to use https. I tried passing in the http but no joy. Do I need to change something?

I came from a .NET Windows background; I stopped working with .NET around 3 years ago because of the non multi platform etc - this is my first try with .NET Core on Mac.

I meant does http work if you try that in your curl request?

I did notice it says it's listening on port 5000 for http, but when I enter that in my browser it redirects me to https 5001

http://localhost:5000

tried the curl on the http get

i.e.

curl http://localhost:5000
curl http://localhost:5000/api
curl http://localhost:5000/api
curl http://localhost:5000/api/controller

no response

This is the sample controller that was created for me

using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;

namespace MyNewTest.Controllers {
    [Route("api/[controller]")]
    [ApiController]
    public class ValuesController : ControllerBase {
        // GET api/values
        [HttpGet]
        public ActionResult<IEnumerable<string>> Get() {
            return new string[] {"value1", "value2"};
        }
    }
}

What's the TCP trace for the http case?

Does this help ? or do you want me to do it with the -w ??

 sudo tcpdump -eni lo0 port 5000
Password:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo0, link-type NULL (BSD loopback), capture size 262144 bytes
20:51:25.129476 AF IPv6 (30), length 88: ::1.52523 > ::1.5000: Flags [S], seq 4045088461, win 65535, options [mss 16324,nop,wscale 6,nop,nop,TS val 147560564 ecr 0,sackOK,eol], length 0
20:51:25.129563 AF IPv6 (30), length 88: ::1.5000 > ::1.52523: Flags [S.], seq 3577741471, ack 4045088462, win 65535, options [mss 16324,nop,wscale 6,nop,nop,TS val 147560564 ecr 147560564,sackOK,eol], length 0
20:51:25.129580 AF IPv6 (30), length 76: ::1.52523 > ::1.5000: Flags [.], ack 1, win 6371, options [nop,nop,TS val 147560564 ecr 147560564], length 0
20:51:25.129594 AF IPv6 (30), length 76: ::1.5000 > ::1.52523: Flags [.], ack 1, win 6371, options [nop,nop,TS val 147560564 ecr 147560564], length 0
20:51:25.129636 AF IPv6 (30), length 154: ::1.52523 > ::1.5000: Flags [P.], seq 1:79, ack 1, win 6371, options [nop,nop,TS val 147560564 ecr 147560564], length 78
20:51:25.129658 AF IPv6 (30), length 76: ::1.5000 > ::1.52523: Flags [.], ack 79, win 6370, options [nop,nop,TS val 147560564 ecr 147560564], length 0
20:51:25.133969 AF IPv6 (30), length 219: ::1.5000 > ::1.52523: Flags [P.], seq 1:144, ack 79, win 6370, options [nop,nop,TS val 147560568 ecr 147560564], length 143
20:51:25.134015 AF IPv6 (30), length 76: ::1.52523 > ::1.5000: Flags [.], ack 144, win 6369, options [nop,nop,TS val 147560568 ecr 147560568], length 0
20:51:25.134108 AF IPv6 (30), length 76: ::1.52523 > ::1.5000: Flags [F.], seq 79, ack 144, win 6369, options [nop,nop,TS val 147560568 ecr 147560568], length 0
20:51:25.134134 AF IPv6 (30), length 76: ::1.5000 > ::1.52523: Flags [.], ack 80, win 6370, options [nop,nop,TS val 147560568 ecr 147560568], length 0
20:51:25.140189 AF IPv6 (30), length 76: ::1.5000 > ::1.52523: Flags [F.], seq 144, ack 80, win 6370, options [nop,nop,TS val 147560574 ecr 147560568], length 0
20:51:25.140240 AF IPv6 (30), length 76: ::1.52523 > ::1.5000: Flags [.], ack 145, win 6369, options [nop,nop,TS val 147560574 ecr 147560574], length 0
20:51:28.882954 AF IPv6 (30), length 88: ::1.52525 > ::1.5000: Flags [S], seq 2465664313, win 65535, options [mss 16324,nop,wscale 6,nop,nop,TS val 147564296 ecr 0,sackOK,eol], length 0
20:51:28.883065 AF IPv6 (30), length 88: ::1.5000 > ::1.52525: Flags [S.], seq 2179023444, ack 2465664314, win 65535, options [mss 16324,nop,wscale 6,nop,nop,TS val 147564296 ecr 147564296,sackOK,eol], length 0
20:51:28.883088 AF IPv6 (30), length 76: ::1.52525 > ::1.5000: Flags [.], ack 1, win 6371, options [nop,nop,TS val 147564296 ecr 147564296], length 0
20:51:28.883108 AF IPv6 (30), length 76: ::1.5000 > ::1.52525: Flags [.], ack 1, win 6371, options [nop,nop,TS val 147564296 ecr 147564296], length 0
20:51:28.883144 AF IPv6 (30), length 157: ::1.52525 > ::1.5000: Flags [P.], seq 1:82, ack 1, win 6371, options [nop,nop,TS val 147564296 ecr 147564296], length 81
20:51:28.883164 AF IPv6 (30), length 76: ::1.5000 > ::1.52525: Flags [.], ack 82, win 6370, options [nop,nop,TS val 147564296 ecr 147564296], length 0
20:51:28.883622 AF IPv6 (30), length 222: ::1.5000 > ::1.52525: Flags [P.], seq 1:147, ack 82, win 6370, options [nop,nop,TS val 147564296 ecr 147564296], length 146
20:51:28.883649 AF IPv6 (30), length 76: ::1.52525 > ::1.5000: Flags [.], ack 147, win 6369, options [nop,nop,TS val 147564296 ecr 147564296], length 0
20:51:28.883725 AF IPv6 (30), length 76: ::1.52525 > ::1.5000: Flags [F.], seq 82, ack 147, win 6369, options [nop,nop,TS val 147564296 ecr 147564296], length 0
20:51:28.883750 AF IPv6 (30), length 76: ::1.5000 > ::1.52525: Flags [.], ack 83, win 6370, options [nop,nop,TS val 147564296 ecr 147564296], length 0
20:51:28.884032 AF IPv6 (30), length 76: ::1.5000 > ::1.52525: Flags [F.], seq 147, ack 83, win 6370, options [nop,nop,TS val 147564297 ecr 147564296], length 0
20:51:28.884070 AF IPv6 (30), length 76: ::1.52525 > ::1.5000: Flags [.], ack 148, win 6369, options [nop,nop,TS val 147564297 ecr 147564297], length 0

Ok - my bad! Although it's a little confusing. If I put the following URL into my browser - everything works without any errors.

https://localhost:5001/api/values

I am using RIDER and it setup a default run configuration that opened

https://localhost:5001

which is invalid and it throws the error.

I edited the default configuration and disabled the launching of the browser on RUN...

and all seems fine now...

Thanks everyone for the help

  • packet 53 is strange: Something is trying plain old HTTP to port 5001. That will fail for sure and it will cause the "unexpected packet format" errors.
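Why plain HTTP sent to port 5001 surfaces as "unexpected packet format": a TLS listener expects the first bytes of a connection to be a TLS record header, and an HTTP request line is not one. The sketch below is an added example, not code from the thread or from Kestrel; the function names are hypothetical and both sample byte strings are constructed.

```python
import struct

TLS_HANDSHAKE = 0x16   # TLS record content type "handshake"
CLIENT_HELLO = 0x01    # handshake message type "ClientHello"
HTTP_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE",
                b"OPTIONS", b"PATCH", b"CONNECT", b"TRACE"}

# Constructed: record header (type 0x16, version 3.1, length 512) followed by
# the start of a ClientHello. Only these leading bytes are inspected.
CLIENT_HELLO_PREFIX = bytes.fromhex("1603010200" "010001fc" "0303")

# Constructed: what a client sends when it is pointed at http://localhost:5001.
PLAINTEXT_REQUEST = b"GET /api/values HTTP/1.1\r\nHost: localhost:5001\r\n\r\n"


def sniff_first_bytes(data):
    """Classify the first bytes a client sends on a new TCP connection."""
    # TLS record header: type(1) | version(2) | length(2), then the handshake type.
    if len(data) >= 6 and data[0] == TLS_HANDSHAKE and data[1] == 0x03:
        record_len = struct.unpack("!H", data[3:5])[0]
        if 0 < record_len <= 2 ** 14 and data[5] == CLIENT_HELLO:
            return {
                "kind": "tls_client_hello",
                "record_version": (data[1], data[2]),
                "record_len": record_len,
            }

    # HTTP/1.x request line: METHOD SP target SP HTTP/1.x CRLF
    line, sep, _rest = data.partition(b"\r\n")
    parts = line.split(b" ")
    if sep and len(parts) == 3 and parts[0] in HTTP_METHODS \
            and parts[2].startswith(b"HTTP/1."):
        return {
            "kind": "plaintext_http",
            "method": parts[0].decode("ascii"),
            "target": parts[1].decode("ascii", "replace"),
        }
    return {"kind": "unknown"}


def diagnose(listener_is_tls, data):
    """Compare what the client sent with what the listener expects."""
    kind = sniff_first_bytes(data)["kind"]
    if kind == "unknown":
        return "unrecognised first bytes"
    if listener_is_tls and kind == "plaintext_http":
        return "scheme mismatch: plaintext HTTP sent to an HTTPS listener"
    if not listener_is_tls and kind == "tls_client_hello":
        return "scheme mismatch: TLS handshake sent to a plain HTTP listener"
    return "scheme matches listener"


if __name__ == "__main__":
    print(diagnose(True, CLIENT_HELLO_PREFIX))
    print(diagnose(True, PLAINTEXT_REQUEST))
```

In this case the dev certificate is not involved at all, so regenerating or re-trusting it will not change the outcome; the client URL or launch configuration has to use https for that port.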

I had the same issue and followed the advice and ran

dotnet dev-certs https --clean
dotnet dev-certs https

After that I got a different error message in Safari advising me not to trust the site identified by the localhost cert, by selecting to go ahead anyway I was given the option to trust the cert and then it worked.

Thanks

Open the Keychain app, and remove the localhost (depends on your app) from the system cert location and add it again as trusted with the command above.

Hello, newbie here. I was following some suggestions and I deleted my certificate of localhost from Keychain Access.
Now I'm getting this!
screen shot 2018-11-28 at 11 30 05 am

Did I just screw up my entire localhost? How do I fix this?!

Run dotnet dev-certs https again. That should generate a new pair @GustavoPT
The message is clear about it.

I just did this @richardpineo and it works for me. I did dotnet dev-certs https
and dotnet dev-certs https --trust.

I think there is a possibility that you have some conflicting certificate for localhost from the past.
I would suggest running "Keychain Access", looking for any localhost certificates/keys, removing them and repeating the steps. Look in both the Login and System keychains. When connecting with the browser, you can also check if the expiration and signature look right. You should see a freshly generated certificate.

The step where you had to delete the localhost certificate in the system section in Keychain Access and then run dotnet dev-certs https and dotnet dev-certs https --trust solves the issue.

Newbie here:
I deleted both localhost certs on my keychain. Now I have none. I ran dotnet run and it then told me to run dotnet dev-certs https and then dotnet dev-certs https --trust. Running both of them, I get

There was an error saving the HTTPS developer certificate to the current user personal certificate store.
https cert error

Anyone know why I might be getting this error? How can I get more info as to why it's not able to save to the "certificate store"?

EDIT:
In fact, when I do any of the dotnet dev-cert https commands, I get the same error above. Just an FYI.

2nd EDIT:
I restarted my computer. Here's the details of what I did.

The yellow lines suggest that this will run under sudo to get temporary privilege elevation. You can check if your current account is capable of doing that.

BTW ASP app should work even if CA is added to login/local store as long as executed from user context, right @Tratcher? (e.g. if user does not have system admin, he/she should be able to make it work with own trust store)

cc: @bartonjs

This doesn't work at all over SSH, btw.

Same problem here. Solved using:
sudo dotnet dev-certs https --clean
and then:
dotnet dev-certs https

sudo dotnet dev-certs https --clean is really helpful.

Just chiming in to say I was having problems establishing a connection to a local SignalR application running on my Mac from a SharedWorker, and running dotnet dev-certs https --clean followed by dotnet dev-certs https --trust fixed the problem.

My web app using VS Code was OK, but all of a sudden I faced the same issue
"HttpsConnectionAdapter[1]
Failed to authenticate HTTPS connection.
System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> System.ComponentModel.Win32Exception: An unknown error occurred while processing the certificate
--- End of inner exception stack trace --- "
I tried to go back and solve the problem in the following steps.
(1) I reverted to dotnet sdk 2.1.701. It did not help me.
(2) I reverted my column "password" property from "Required" to Normal. This got rid of the issue.
But this is not a permanent solution. I went further into the details.
The cause of the issue was tracked down as follows.
The column "password" was added to the model class later, so it was not reflected in my scaffolded 'Create' page. Though creating a new entry with a NULL value of "password" was allowed by MySQL Workbench, it afterwards created this issue when I launched the app in dev mode.
Now I will revert the "password" column to 'Required' and redesign the 'Create' page to include the "password" column.
We have to at least make sure that no column with the "Required" property is missed while entering other fields, especially ID/primary key columns.

This seems beyond corefx and certificate manipulation @niranjanbhuta. If you think there is an issue with asp.net, open a new issue in the corresponding repo.

I was having the same issue, and was able to get past it using the following.

dotnet dev-certs https --clean
dotnet dev-certs https

It seems I had an old certificate from a previous .net core install that was conflicting. Removing and reinstalling a new dev cert did the trick. You may have to sudo the commands listed above.

I faced in .NET Core 3.0 the same thing, solved using the same commands stated by @wfurt

dotnet dev-certs https
dotnet dev-certs https --trust

For those that are still having issues even after running the dev certs command, I fixed my issue by upgrading my dotnet core 3.0 preview to the release candidate edition and running the command again.

dbug: HttpsConnectionAdapter[1]
Failed to authenticate HTTPS connection.
System.IO.IOException: The handshake failed due to an unexpected packet format.
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.<AuthenticateAsServerAsync>b__51_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context)
dbug: HttpsConnectionAdapter[1]
Failed to authenticate HTTPS connection.
System.IO.IOException: The handshake failed due to an unexpected packet format.
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.<AuthenticateAsServerAsync>b__51_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context)
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 POST http://localhost:5000/message/negotiate text/plain;charset=UTF-8 0
info: Microsoft.AspNetCore.Cors.Infrastructure.CorsService[4]

I have tried the solutions provided above but I am still getting the error. I updated my .NET Core version to 3.0.100 and used the commands below. Still no use. Please kindly help me regarding this.

dotnet dev-certs https --clean
dotnet dev-certs https
dotnet dev-certs https --trust

This almost looks like you are mixing http and https @ramakrishna578. I would suggest doing a packet capture with Wireshark.

Same issue here, using dotnet Core 3.0.100 on macOS Catalina 10.15.
My situation is even weirder - if I start the app in debug mode (VS Code F5) everything works fine, including https. However, when I use dotnet run, I get the following:

Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware[1]
      Failed to authenticate HTTPS connection.
System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
 ---> Interop+AppleCrypto+SslException: Internal error
   --- End of inner exception stack trace ---
   at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessAuthentication(LazyAsyncResult lazyResult, CancellationToken cancellationToken)
   at System.Net.Security.SslStream.BeginAuthenticateAsServer(SslServerAuthenticationOptions sslServerAuthenticationOptions, CancellationToken cancellationToken, AsyncCallback asyncCallback, Object asyncState)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsServerAsync>b__69_0(SslServerAuthenticationOptions arg1, CancellationToken arg2, AsyncCallback callback, Object state)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncImpl[TArg1,TArg2](Func`5 beginMethod, Func`2 endFunction, Action`1 endAction, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions)
   at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func`5 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions)
   at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func`5 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, Object state)
   at System.Net.Security.SslStream.AuthenticateAsServerAsync(SslServerAuthenticationOptions sslServerAuthenticationOptions, CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware.InnerOnConnectionAsync(ConnectionContext context)

I've tried removing, adding and trusting the dev cert, and also using a trusted self-signed certificate. The outcome is the same - works in debug mode, fails when using dotnet run.

Any ideas please?

This could be related to https://github.com/aspnet/AspNetCore/issues/15118
This was not really discussed before, but on macOS access to keys is also based on application identity and matching partitions. Also note that 3.0 changed how apps are built and executed, and dotnet run will not build self-contained app and it will run it instead of dotnet app.dll as it used to.
Now to explore this possibility, run codesign -d -v dotnet and codesign -d -v app to find the identity of dotnet and your application (you can also use ps to see what actually runs in either case) @assafsl. To see the relevant certificate and key, run 'security dump-keychain -a' and search for "Imported Private Key". You can also monitor access with log stream --process <PID_OF_SECURITYD>
Also note that with Catalina it may depend on where you run your code from. See the debate in dotnet/corefx#39904. If this is the root cause, you can try to add trusted apps in Keychain or share details @assafsl

Thank you very much for your answer @wfurt.

  1. I could not find any "Imported Private Key" in the keychain dump
  2. codesign -d -v dotnet returned the following (which does not tell me much):
Executable=/usr/local/share/dotnet/dotnet
Identifier=dotnet-55554944cefc0b9a599538cd9741579abf4b3e3a
Format=Mach-O thin (x86_64)
CodeDirectory v=20100 size=704 flags=0x2(adhoc) hashes=17+2 location=system
Signature=adhoc
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none
Internal requirements count=0 size=12

Running codesign on the app (named "Shield"):

Assafs-MacBook-Pro:netcoreapp3.0 assaf$ codesign -d -v Shield


Executable=/Users/assaf/Dev/artiio/Shield/Shield/bin/Debug/netcoreapp3.0/Shield
Identifier=Hub-55554944a3b20b033902363ea33c285ac2ac118d
Format=Mach-O thin (x86_64)
CodeDirectory v=20100 size=797 flags=0x2(adhoc) hashes=20+2 location=system
Signature=adhoc
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none
Internal requirements count=0 size=12
  3. log stream... returned the following:

image

I would like to emphasise that when running in debug mode, my self-signed-trusted certificate works perfectly, so I would really like to better understand what is the difference between the run methods.

image

Any help would be greatly appreciated!

@assafsl - Did you ever figure this out? I'm having the same exact issue. VS Code debug mode works. Standalone dotnet run fails with the same authentication error. Also on Mac Catalina 10.15. I didn't have this issue before the Catalina update.

it's same here for me.

run from vscode or vs for mac is ok
run published version is ok
run by "dotnet run" from source code dir is fail

@wfurt Woohoo - that did it, thanks. I had deleted the localhost certificate in the system section, but not in the login. Really appreciate the quick help.

This did the trick. I missed the login section and was banging my head until I saw this post! Nice!

What is the solution??

_From @Sankra on August 10, 2018 9:1_

Is this a Bug or Feature request?:

Bug, HTTPS should work under development also on macOS.

Steps to reproduce (preferably a link to a GitHub repo with a repro project):

Run the following project on macOS: https://github.com/Sankra/HttpsMacOSFails

Description of the problem:

  1. Downloaded the newest _Visual Studio for Mac (7.5.4 Build 3)_ on _macOS 10.13.6_.
  2. Created a new web app using the default template _ASP.NET Core Web App (MVC)_ on _.NET Core 2.1_.
  3. Tried to run the app, both using dotnet run and the debug command in VS for Mac. Requests over HTTPS to https://localhost:5001 fails with the stack trace below.

Regular http works.

Version of Microsoft.AspNetCore.Mvc or Microsoft.AspNetCore.App or Microsoft.AspNetCore.All:

Microsoft.AspNetCore.App 2.1.1

Stack Trace

Hosting environment: Development
Content root path: /Users/sankra/projects/HttpsMacOSFails/HttpsMacOSFails
Now listening on: https://localhost:5001
Application started. Press Ctrl+C to shut down.
Loaded '/usr/local/share/dotnet/shared/Microsoft.NETCore.App/2.1.1/System.Threading.ThreadPool.dll'. Module was built without symbols.
Loaded '/usr/local/share/dotnet/shared/Microsoft.NETCore.App/2.1.1/System.Net.Security.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
Loaded '/usr/local/share/dotnet/shared/Microsoft.NETCore.App/2.1.1/System.Diagnostics.StackTrace.dll'. Module was built without symbols.
Loaded '/usr/local/share/dotnet/shared/Microsoft.NETCore.App/2.1.1/System.Reflection.Metadata.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
锟絒40m锟絒37mdbug锟絒39m锟絒22m锟絒49m: HttpsConnectionAdapter[1]
Failed to authenticate HTTPS connection.
System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.b__51_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar, Func2 endFunction, Action1 endAction, Task1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context)
HttpsConnectionAdapter:Debug: Failed to authenticate HTTPS connection.

System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.b__51_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar, Func2 endFunction, Action1 endAction, Task1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context)
锟絒40m锟絒37mdbug锟絒39m锟絒22m锟絒49m: HttpsConnectionAdapter[1]
Failed to authenticate HTTPS connection.
System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Interop+AppleCrypto+SslException: Internal error
--- End of inner exception stack trace ---
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.b__51_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar, Func2 endFunction, Action1 endAction, Task1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context)
HttpsConnectionAdapter:Debug: Failed to authenticate HTTPS connection.

System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Interop+AppleCrypto+SslException: Internal error
--- End of inner exception stack trace ---
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.b__51_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar, Func2 endFunction, Action1 endAction, Task1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context)
Loaded '/usr/local/share/dotnet/shared/Microsoft.NETCore.App/2.1.1/Microsoft.Win32.Primitives.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
dbug: HttpsConnectionAdapter[1]
Failed to authenticate HTTPS connection.
System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Interop+AppleCrypto+SslException: Internal error
--- End of inner exception stack trace ---
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.b__51_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar, Func2 endFunction, Action1 endAction, Task1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context)
HttpsConnectionAdapter:Debug: Failed to authenticate HTTPS connection.

System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Interop+AppleCrypto+SslException: Internal error
--- End of inner exception stack trace ---
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.b__51_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar, Func2 endFunction, Action1 endAction, Task1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context)
dbug: HttpsConnectionAdapter[1]
Failed to authenticate HTTPS connection.
System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Interop+AppleCrypto+SslException: Cipher Suite negotiation failure
--- End of inner exception stack trace ---
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.b__51_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar, Func2 endFunction, Action1 endAction, Task1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context)
HttpsConnectionAdapter:Debug: Failed to authenticate HTTPS connection.

System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Interop+AppleCrypto+SslException: Cipher Suite negotiation failure
--- End of inner exception stack trace ---
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.b__51_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar, Func2 endFunction, Action1 endAction, Task1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context)

_Copied from original issue: aspnet/Mvc#8251_

You should follow up on the discussion here https://github.com/dotnet/aspnetcore/issues/19590 @roalroga. It is not the responsibility of the runtime to create or manage application certificates. Also, commenting on closed issues is not good practice.
If you think your case is different, open a new issue.

I just did this @richardpineo and it works for me. I did `dotnet dev-certs https` and `dotnet dev-certs https --trust`.

I think there is a possibility that you have some conflicting certificate for localhost from the past.
I would suggest running "Keychain Access", looking for any localhost certificates/keys, removing them and repeating the steps. Look in both the Login and System keychains. When connecting with the browser, you can also check whether the expiration and signature look right. You should see a freshly generated certificate.

I just wanted to drop by and say that this worked for me. Thank you!
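The Keychain check suggested in the comment above can also be done from a terminal. This is an added example, not part of the original thread: it lists localhost certificates in the Login and System keychains with macOS's `security` tool so stale entries are visible before the dev certificate is regenerated. The keychain paths are the standard macOS locations (an assumption about the machine), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list localhost certificates in the Login and System keychains
# so stale entries can be reviewed before re-running the commands from the
# thread: `dotnet dev-certs https` and `dotnet dev-certs https --trust`.

# Assumption: standard macOS keychain locations.
LOGIN_KC="$HOME/Library/Keychains/login.keychain-db"
SYSTEM_KC="/Library/Keychains/System.keychain"

# Count certificates in `security find-certificate -a -Z` output on stdin.
# Each matching certificate contributes exactly one "SHA-1 hash:" line.
count_certs() {
    grep -c '^SHA-1 hash:' || true
}

# Turn a per-keychain count into a short label.
verdict() {
    case "$1" in
        0) echo "none" ;;
        1) echo "single" ;;
        *) echo "multiple" ;;   # more than one entry: look for leftovers
    esac
}

# Print subject, expiry and fingerprint of the first localhost certificate.
show_first_cert() {
    security find-certificate -c localhost -p "$1" 2>/dev/null |
        openssl x509 -noout -subject -enddate -fingerprint 2>/dev/null ||
        echo "  (no readable localhost certificate)"
}

audit_keychain() {
    kc="$1"
    n=$(security find-certificate -a -c localhost -Z "$kc" 2>/dev/null | count_certs)
    echo "$kc: $n localhost certificate(s) [$(verdict "$n")]"
    if [ "$n" -gt 0 ]; then
        show_first_cert "$kc"
    fi
}

# Only query the keychains where the macOS `security` tool exists.
if command -v security >/dev/null 2>&1; then
    for kc in "$LOGIN_KC" "$SYSTEM_KC"; do
        audit_keychain "$kc"
    done
fi
```

A keychain reported as `multiple`, or a certificate whose `notAfter` date has passed, is the kind of leftover the comment recommends removing before repeating the two `dotnet dev-certs` steps.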
