Sdk: Unable to trust development certificate
Working with @sayedihashimi as an intern at Microsoft, and I'm running into this blocking issue. He was unable to figure out what was going on.
Steps to reproduce
- Create project using
dotnet new web dotnet builddotnet run
Expected behavior
Web app runs
Actual behavior
Getting error about development certificate
Anands-MBP:dasdasdakjfh louistaing$ dotnet run
: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[0]
User profile is available. Using '/Users/louistaing/.aspnet/DataProtection-Keys' as key repository; keys will not be encrypted at rest.
crit: Microsoft.AspNetCore.Server.Kestrel[0]
Unable to start Kestrel.
System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found.
To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func`2 createBinding)
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
Unhandled Exception: System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found.
To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func`2 createBinding)
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
at Microsoft.AspNetCore.Hosting.Internal.WebHost.StartAsync(CancellationToken cancellationToken)
at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token, String shutdownMessage)
at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token)
at Microsoft.AspNetCore.Hosting.WebHostExtensions.Run(IWebHost host)
at dasdasdakjfh.Program.Main(String[] args) in /Users/louistaing/Projects/dasdasdakjfh/dasdasdakjfh/Program.cs:line 17
Anands-MBP:dasdasdakjfh louistaing$ dotnet dev-certs https --trust
Trusting the HTTPS development certificate was requested. If the certificate is not already trusted we will run the following command:
'sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain <<certificate>>'
This command might prompt you for your password to install the certificate on the system keychain.
A valid HTTPS certificate is already present.
Anands-MBP:dasdasdakjfh louistaing$ dotnet dev-certs https --clean
Cleaning HTTPS development certificates from the machine. This operation might require elevated privileges. If that is the case, a prompt for credentials will be displayed.
Anands-MBP:dasdasdakjfh louistaing$ sudo dotnet dev-certs https --trust
Password:
Sorry, try again.
Password:
Sorry, try again.
Password:
Trusting the HTTPS development certificate was requested. If the certificate is not already trusted we will run the following command:
'sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain <<certificate>>'
This command might prompt you for your password to install the certificate on the system keychain.
A valid HTTPS certificate is already present.
Anands-MBP:dasdasdakjfh louistaing$ sudo dotnet dev-certs https --clean --verbose
Cleaning HTTPS development certificates from the machine. This operation might require elevated privileges. If that is the case, a prompt for credentials will be displayed.
HTTPS development certificates successfully removed from the machine.
Anands-MBP:dasdasdakjfh louistaing$ sudo dotnet dev-certs https --check --verbose
No valid certificate found.
Anands-MBP:dasdasdakjfh louistaing$ sudo dotnet dev-certs https --trust --verbose
Trusting the HTTPS development certificate was requested. If the certificate is not already trusted we will run the following command:
'sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain <<certificate>>'
This command might prompt you for your password to install the certificate on the system keychain.
A valid HTTPS certificate is already present.
Anands-MBP:dasdasdakjfh louistaing$ sudo dotnet dev-certs https --check --verbose
No valid certificate found.
Anands-MBP:dasdasdakjfh louistaing$
Environment data
dotnet --info output:
Anands-MBP:dasdasdakjfh louistaing$ dotnet --info
.NET Core SDK (reflecting any global.json):
Version: 2.2.401
Commit: 729b316c13
Runtime Environment:
OS Name: Mac OS X
OS Version: 10.13
OS Platform: Darwin
RID: osx.10.13-x64
Base Path: /usr/local/share/dotnet/sdk/2.2.401/
Host (useful for support):
Version: 2.2.6
Commit: 7dac9b1b51
.NET Core SDKs installed:
2.1.700 [/usr/local/share/dotnet/sdk]
2.2.300 [/usr/local/share/dotnet/sdk]
2.2.401 [/usr/local/share/dotnet/sdk]
.NET Core runtimes installed:
Microsoft.AspNetCore.All 2.1.11 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.All]
Microsoft.AspNetCore.All 2.2.5 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.All]
Microsoft.AspNetCore.All 2.2.6 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.All]
Microsoft.AspNetCore.App 2.1.11 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 2.2.5 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 2.2.6 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 2.1.11 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 2.2.5 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 2.2.6 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]
To install additional .NET Core runtimes or SDKs:
https://aka.ms/dotnet-download
Anands-MBP:dasdasdakjfh louistaing$
LouisT123
All 12 comments
@anurse is this something that you can take a look at?
livarcocc
on 13 Aug 2019
It seems from the list of commands that you removed the certificate but haven't added it back.
Anands-MBP:dasdasdakjfh louistaing$ sudo dotnet dev-certs https --clean --verbose
Cleaning HTTPS development certificates from the machine. This operation might require elevated privileges. If that is the case, a prompt for credentials will be displayed.
HTTPS development certificates successfully removed from the machine.
Anands-MBP:dasdasdakjfh louistaing$ sudo dotnet dev-certs https --check --verbose
No valid certificate found.
Anands-MBP:dasdasdakjfh louistaing$ sudo dotnet dev-certs https --trust --verbose
Trusting the HTTPS development certificate was requested. If the certificate is not already trusted we will run the following command:
'sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain <<certificate>>'
This command might prompt you for your password to install the certificate on the system keychain.
A valid HTTPS certificate is already present.
Anands-MBP:dasdasdakjfh louistaing$ sudo dotnet dev-certs https --check --verbose
No valid certificate found.
Anands-MBP:dasdasdakjfh louistaing$
He tried adding it, several times actually.
@louist123 please execute the following and paste results here: clean, check, trust and check again.
sayedihashimi
on 13 Aug 2019
@livarcocc you can see in the output he did try trust.
Anands-MBP:dasdasdakjfh louistaing$ dotnet dev-certs https --trust
Trusting the HTTPS development certificate was requested. If the certificate is not already trusted we will run the following command:
'sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain <
sayedihashimi
on 13 Aug 2019
@sayedihashimi Executed:
Last login: Mon Aug 12 10:39:15 on ttys000
Anands-MBP:~ louistaing$ cd /Users/louistaing/Projects/dasdasdakjfh/dasdasdakjfh/Program.cs
-bash: cd: /Users/louistaing/Projects/dasdasdakjfh/dasdasdakjfh/Program.cs: Not a directory
Anands-MBP:~ louistaing$ cd /Users/louistaing/Projects/dasdasdakjfh/dasdasdakjfh/
Anands-MBP:dasdasdakjfh louistaing$ dotnet dev-certs https --clean
Cleaning HTTPS development certificates from the machine. This operation might require elevated privileges. If that is the case, a prompt for credentials will be displayed.
Anands-MBP:dasdasdakjfh louistaing$ dotnet dev-certs https --check
Anands-MBP:dasdasdakjfh louistaing$ dotnet dev-certs https --trust
Trusting the HTTPS development certificate was requested. If the certificate is not already trusted we will run the following command:
'sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain <<certificate>>'
This command might prompt you for your password to install the certificate on the system keychain.
A valid HTTPS certificate is already present.
Anands-MBP:dasdasdakjfh louistaing$ dotnet dev-certs https --check
Anands-MBP:dasdasdakjfh louistaing$
- @javiercn
anurse
on 13 Aug 2019
There can be something in the environment that is causing the tool to not work correctly. I'll double check tomorrow on my Mac to see if I repro the behavior on a clean machine and I'll see what info we can gather to figure out what's going on.
javiercn
on 13 Aug 2019
We found a bug with the dev-certs tool that caused issues with --clean and --check. We'll be fixing it in preview9.
It's hard to see if your scenario is hitting this issue but it's a good guess that it is
BrennanConroy
on 15 Aug 2019
👍1
@BrennanConroy thanks for the follow up. Perhaps when you have a build with the fix then @LouisT123 can try it out to confirm that it's working for him. When do you think you may have a new build with the fix?
sayedihashimi
on 15 Aug 2019
I'm going to move this to aspnet/AspNetCore since we found actionable work (probably could've merged it earlier anyway :)). An issue link will be posted next, please move discussion to that thread.
Thanks for the report @LouisT123 !
anurse
on 15 Aug 2019
This issue was moved to aspnet/AspNetCore#13175
anurse
on 15 Aug 2019
Encountered the same issue on macOS. As a solution, in the keychain, remove the old localhost certificate under 'System' and recreate it via the dotnet commands described in the docs. It will be placed under 'login'.
ncbb
on 22 Nov 2019
👍2
Was this page helpful?
0 / 5 - 0 ratings
Related issues
davkean
路
3Comments
pranavkm
路
3Comments
srivatsn
路
3Comments
dasMulli
路
3Comments
Petermarcu
路
3Comments
Most helpful comment
Encountered the same issue on macOS. As a solution, in the keychain, remove the old localhost certificate under 'System' and recreate it via the dotnet commands described in the docs. It will be placed under 'login'.