-
-
Save tebeco/f91e71be68ae9a4b2ac54e70db17d2d2 to your computer and use it in GitHub Desktop.
.NET Core SSL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Collections.Generic; | |
using System.IO; | |
using System.Linq; | |
using System.Threading.Tasks; | |
using Microsoft.AspNetCore; | |
using Microsoft.AspNetCore.Hosting; | |
using Microsoft.Extensions.Configuration; | |
using Microsoft.Extensions.Logging; | |
namespace TestApplication | |
{ | |
public class Program | |
{ | |
public static void Main(string[] args) | |
{ | |
CreateWebHostBuilder(args).Build().Run(); | |
} | |
public static IWebHostBuilder CreateWebHostBuilder(string[] args) | |
{ | |
// return WebHost.CreateDefaultBuilder(args) | |
// .UseStartup<Startup>(); | |
return WebHost.CreateDefaultBuilder(args) | |
/* | |
.UseKestrel(options => | |
{ | |
string password = ""; | |
password = null; | |
options.Listen(System.Net.IPAddress.Any, 5001, | |
listenOptions => { listenOptions.UseHttps("BB65DE78AD4E81B767245843CCA962526BA62C2D.pfx", password); }); | |
}) | |
*/ | |
.UseStartup<Startup>(); | |
} | |
} | |
} | |
// pacman -S yay | |
// pacman -S yaourt | |
// https://confluence.jetbrains.com/display/IDEADEV/Filesystem+Case-Sensitivity+Mismatch | |
// https://www.ostechnix.com/install-oracle-java-8-arch-linux/ | |
// yay jdk | |
// pacman -S mono | |
// pacman -S dotnet-runtime | |
// pacman -S dotnet-sdk | |
// dotnet tool install --global dotnet-dev-certs | |
// export DOTNET_ROOT="/opt/dotnet" | |
// export PATH="$PATH:/root/.dotnet/tools" | |
// dotnet dev-certs https | |
// https://github.com/dotnet/dotnet-docker/blob/master/samples/aspnetapp/aspnetcore-docker-https.md | |
// Note: dotnet dev-certs https --trust is only supported on macOS and Windows. | |
// You need to trust certs on Linux in the way that is supported by your distro. | |
// It is likely that you need to trust the certificate in your browser. | |
// dotnet dev-certs https --trust | |
// locate .pfx | sed '/flatpak/d;' | |
// /root/.dotnet/corefx/cryptography/x509stores/my/BB65DE78AD4E81B767245843CCA962526BA62C2D.pfx | |
// alternative: | |
// https://andrewlock.net/creating-and-trusting-a-self-signed-certificate-on-linux-for-use-in-kestrel-and-asp-net-core/ | |
// openssl pkcs12 -in <filename.pfx> -cacerts -nokeys -chain | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > <cacerts.cer> | |
// "/root/.dotnet/corefx/cryptography/x509stores/my/BB65DE78AD4E81B767245843CCA962526BA62C2D.pfx" | |
// openssl pkcs12 -in "/root/.dotnet/corefx/cryptography/x509stores/my/BB65DE78AD4E81B767245843CCA962526BA62C2D.pfx" -cacerts -nokeys -chain | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > BB65DE78AD4E81B767245843CCA962526BA62C2D.cer | |
// openssl pkcs12 -in "/root/.dotnet/corefx/cryptography/x509stores/my/BB65DE78AD4E81B767245843CCA962526BA62C2D.pfx" -cacerts -nokeys -chain > BB65DE78AD4E81B767245843CCA962526BA62C2D.cer | |
// openssl pkcs12 -in "/root/.dotnet/corefx/cryptography/x509stores/my/BB65DE78AD4E81B767245843CCA962526BA62C2D.pfx" -out certificatename.pem | |
// openssl pkcs12 -in "/root/.dotnet/corefx/cryptography/x509stores/my/BB65DE78AD4E81B767245843CCA962526BA62C2D.pfx" -clcerts -nokeys -out certificate.cer | |
// openssl pkcs12 -in "/root/.dotnet/corefx/cryptography/x509stores/my/BB65DE78AD4E81B767245843CCA962526BA62C2D.pfx" -cacerts -nokeys -chain > BB65DE78AD4E81B767245843CCA962526BA62C2D.cer | |
// openssl pkcs12 -in "/root/.dotnet/corefx/cryptography/x509stores/my/BB65DE78AD4E81B767245843CCA962526BA62C2D.pfx" -out certificatename.pem | |
// openssl x509 -outform der -in certificatename.pem -out certificatename.cer | |
// openssl pkcs12 -in "/root/.dotnet/corefx/cryptography/x509stores/my/BB65DE78AD4E81B767245843CCA962526BA62C2D.pfx" -cacerts -nokeys -chain > cacerts.cer | |
// With OpenSSL you can convert pfx to Apache compatible format with next commands: | |
// openssl pkcs12 -in "/root/.dotnet/corefx/cryptography/x509stores/my/BB65DE78AD4E81B767245843CCA962526BA62C2D.pfx" -clcerts -nokeys -out domain.cer | |
// openssl pkcs12 -in domain.pfx -nocerts -nodes -out domain.key | |
// openssl pkcs12 -in "/root/.dotnet/corefx/cryptography/x509stores/my/BB65DE78AD4E81B767245843CCA962526BA62C2D.pfx" -cacerts > BB65DE78AD4E81B767245843CCA962526BA62C2D.cer | |
// cp myca.crt /usr/local/share/ca-certificates/ | |
// update-ca-certificates | |
// Arch/Manjaro: Instead of update-ca-certificates, run | |
// trust extract-compat | |
// sudo trust anchor --store /usr/share/ca-certificates//BB65DE78AD4E81B767245843CCA962526BA62C2D.cer | |
// https://dzone.com/articles/enforce-ssl-and-use-hsts-in-net-core20-net-core-se | |
// https://coderscoffeehouse.com/tech/2017/11/24/aspnetcore-ssl.html | |
// https://docs.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-2.1&tabs=visual-studio | |
// https://docs.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-2.1&tabs=visual-studio | |
https://blogs.msdn.microsoft.com/webdev/2017/11/29/configuring-https-in-asp-net-core-across-different-platforms/ | |
https://www.blinkingcaret.com/2017/03/01/https-asp-net-core/ | |
https://neelbhatt.com/2018/02/04/enforce-ssl-and-use-hsts-in-net-core2-0-net-core-security-part-i/ | |
https://cmatskas.com/enforcing-https-only-traffic-with-asp-net-core-and-kestrel/ | |
https://hstspreload.org/ | |
https://neelbhatt.com/2018/02/06/asp-net-core-2-1-features/ | |
https://neelbhatt.com/2018/06/09/gdpr-in-net-core-net-core-security-part-vii/ | |
https://stackoverflow.com/questions/46336341/configure-asp-net-core-2-0-kestrel-for-https | |
https://www.c-sharpcorner.com/article/using-https-in-asp-net-core-2-0/ | |
https://www.recaffeinate.co/post/enforce-https-aspnetcore-api/ | |
https://stackoverflow.com/questions/50935730/asp-net-core-2-1-kestrel-how-to-disable-https?rq=1 | |
https://stackoverflow.com/questions/46507029/how-to-disable-https-in-visual-studio-2017-web-proj-asp-net-core-2-0 | |
https://exceptionnotfound.net/working-with-environments-and-launch-settings-in-asp-net-core/ | |
https://cmatskas.com/enforcing-https-only-traffic-with-asp-net-core-and-kestrel/ | |
https://stackify.com/how-to-deploy-asp-net-core-to-iis/?utm_referrer=https%3A%2F%2Fwww.google.com%2F | |
https://asp.net-hacker.rocks/2018/07/05/aspnetcore-ssl.html | |
New-SelfSignedCertificate -NotBefore (Get-Date) -NotAfter (Get-Date).AddYears(1) -Subject "localhost" -KeyAlgorithm "RSA" -KeyLength 2048 -HashAlgorithm "SHA256" -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsage KeyEncipherment -FriendlyName "HTTPS development certificate" -TextExtension @("2.5.29.19={critical}{text}","2.5.29.37={critical}{text}1.3.6.1.5.5.7.3.1","2.5.29.17={critical}{text}DNS=localhost") | |
C:\Users\username\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates | |
PSParentPath: Microsoft.PowerShell.Security\Certificate::CurrentUser\My | |
Thumbprint Subject | |
---------- ------- | |
DAABF766358B18A827B3CFF73EE4AB07B7841987 CN=localhost | |
Microsoft.AspNetCore.HttpsPolicy | |
dotnet dev-certs https --trust | |
https://docs.microsoft.com/en-us/windows/desktop/seccrypto/makecert | |
https://dontpaniclabs.com/blog/post/2017/01/11/creating-self-signed-ssl-certificate-developing-testing-iis/ | |
https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-create-temporary-certificates-for-use-during-development | |
https://blogs.msdn.microsoft.com/benjaminperkins/2014/05/05/make-your-own-ssl-certificate-for-testing-and-learning/ | |
https://andrewlock.net/creating-and-trusting-a-self-signed-certificate-on-linux-for-use-in-kestrel-and-asp-net-core/ | |
https://stackoverflow.com/questions/2292495/what-is-the-difference-between-a-cer-pvk-and-pfx-file | |
makecert -n "CN=%ComputerName%, CN=localhost" -ss MY -sr LocalMachine -b 08/08/2018 -e 09/09/2028 -a sha256 -sky exchange -r -pe myCert.cer | |
makecert -n "CN=%ComputerName%, CN=localhost" -ss MY -sr LocalMachine -b 08/08/2018 -e 09/09/2028 -a sha256 -sky exchange -r -pe myCert.cer | |
makecert -n "CN=%ComputerName%, CN=localhost" -ss MY -sr currentuser -b 08/08/2018 -e 09/09/2028 -a sha256 -sky exchange -ic TempCA.cer SignedByCA.cer -pe myCert.cer | |
-sr currentuser | |
makecert -n "CN=%ComputerName%, CN=localhost" -ss MY -sr currentuser -b 08/08/2018 -e 09/09/2028 -a sha256 -sky exchange -ic TempCA.cer SignedByCA.cer -pe myCert.cer | |
makecert -sk SignedByCA -iv TempCA.pvk -n "CN=SignedByCA" -ic TempCA.cer SignedByCA.cer -sr currentuser -ss My | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment