Closed uheee closed 2 years ago
EDIT: Been a while since I checked this repo. It turns out it the script is already multi-distro. You might be having a different problem.
Hey,
I am on arch-based distro's and adjusted this script to my needs some time ago. Maybe @BorisWilhelms can use what I past below to end-up with a script that works for both debian and arch based distro's.
TMP_PATH=/var/tmp/localhost-dev-cert
if [ ! -d $TMP_PATH ]; then
mkdir $TMP_PATH
fi
KEYFILE=$TMP_PATH/dotnet-devcert.key
CRTFILE=$TMP_PATH/dotnet-devcert.crt
PFXFILE=$TMP_PATH/dotnet-devcert.pfx
NSSDB_PATHS=(
"$HOME/.pki/nssdb"
# "$HOME/snap/chromium/current/.pki/nssdb"
# "$HOME/snap/postman/current/.pki/nssdb"
)
CONF_PATH=$TMP_PATH/localhost.conf
cat >> $CONF_PATH <<EOF
[req]
prompt = no
default_bits = 2048
distinguished_name = subject
req_extensions = req_ext
x509_extensions = x509_ext
[ subject ]
commonName = localhost
[req_ext]
basicConstraints = critical, CA:true
subjectAltName = @alt_names
[x509_ext]
basicConstraints = critical, CA:true
keyUsage = critical, keyCertSign, cRLSign, digitalSignature,keyEncipherment
extendedKeyUsage = critical, serverAuth
subjectAltName = critical, @alt_names
1.3.6.1.4.1.311.84.1.1 = ASN1:UTF8String:ASP.NET Core HTTPS development certificate # Needed to get it imported by dotnet dev-certs
[alt_names]
DNS.1 = localhost
EOF
function configure_nssdb() {
echo "Configuring nssdb for $1"
certutil -d sql:$1 -D -n dotnet-devcert
certutil -d sql:$1 -A -t "CP,," -n dotnet-devcert -i $CRTFILE
}
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $KEYFILE -out $CRTFILE -config $CONF_PATH --passout pass:
openssl pkcs12 -export -out $PFXFILE -inkey $KEYFILE -in $CRTFILE --passout pass:
for NSSDB in ${NSSDB_PATHS[@]}; do
if [ -d "$NSSDB" ]; then
configure_nssdb $NSSDB
fi
done
#sudo rm /etc/ssl/certs/dotnet-devcert.pem
#sudo cp $CRTFILE "/usr/local/share/ca-certificates"
sudo cp $CRTFILE /etc/ca-certificates/trust-source/anchors
sudo trust extract-compat
dotnet dev-certs https --clean --import $PFXFILE -p ""
#sudo cp /var/tmp/localhost-dev-cert/dotnet-devcert.crt /etc/ca-certificates/trust-source/anchors
rm -R $TMP_PATH
EDIT: Been a while since I checked this repo. It turns out it the script is already multi-distro. You might be having a different problem.
Hey,
I am on arch-based distro's and adjusted this script to my needs some time ago. Maybe @BorisWilhelms can use what I past below to end-up with a script that works for both debian and arch based distro's.
TMP_PATH=/var/tmp/localhost-dev-cert if [ ! -d $TMP_PATH ]; then mkdir $TMP_PATH fi KEYFILE=$TMP_PATH/dotnet-devcert.key CRTFILE=$TMP_PATH/dotnet-devcert.crt PFXFILE=$TMP_PATH/dotnet-devcert.pfx NSSDB_PATHS=( "$HOME/.pki/nssdb" # "$HOME/snap/chromium/current/.pki/nssdb" # "$HOME/snap/postman/current/.pki/nssdb" ) CONF_PATH=$TMP_PATH/localhost.conf cat >> $CONF_PATH <<EOF [req] prompt = no default_bits = 2048 distinguished_name = subject req_extensions = req_ext x509_extensions = x509_ext [ subject ] commonName = localhost [req_ext] basicConstraints = critical, CA:true subjectAltName = @alt_names [x509_ext] basicConstraints = critical, CA:true keyUsage = critical, keyCertSign, cRLSign, digitalSignature,keyEncipherment extendedKeyUsage = critical, serverAuth subjectAltName = critical, @alt_names 1.3.6.1.4.1.311.84.1.1 = ASN1:UTF8String:ASP.NET Core HTTPS development certificate # Needed to get it imported by dotnet dev-certs [alt_names] DNS.1 = localhost EOF function configure_nssdb() { echo "Configuring nssdb for $1" certutil -d sql:$1 -D -n dotnet-devcert certutil -d sql:$1 -A -t "CP,," -n dotnet-devcert -i $CRTFILE } openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $KEYFILE -out $CRTFILE -config $CONF_PATH --passout pass: openssl pkcs12 -export -out $PFXFILE -inkey $KEYFILE -in $CRTFILE --passout pass: for NSSDB in ${NSSDB_PATHS[@]}; do if [ -d "$NSSDB" ]; then configure_nssdb $NSSDB fi done #sudo rm /etc/ssl/certs/dotnet-devcert.pem #sudo cp $CRTFILE "/usr/local/share/ca-certificates" sudo cp $CRTFILE /etc/ca-certificates/trust-source/anchors sudo trust extract-compat dotnet dev-certs https --clean --import $PFXFILE -p "" #sudo cp /var/tmp/localhost-dev-cert/dotnet-devcert.crt /etc/ca-certificates/trust-source/anchors rm -R $TMP_PATH
It does not work for me. Is it because curl
and .NET HttpClient
do not recognize PKCS11
certificates?
I cannot reproduce this issue. Since this issue is quite old, I will close it. Feel free to open a new issue if you have any problems.
I use archlinux. After I exec the script, chrome browser can visit my web API currently. But when I wanted to call it in .NET console program:
It raised an error:
And when I use
curl
to visithttps://localhost:5001/WeatherForecast
it returnedcurl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:5001
.How to solve it?