BorisWilhelms / create-dotnet-devcert

A simple script that creates and trusts a self-signed development certificate for dotnet on Linux distributions.
https://blog.wille-zone.de/post/aspnetcore-devcert-for-ubuntu
MIT License

The server mode SSL must use a certificate with the associated private key #7

Closed rsfurlan90 closed 2 years ago

rsfurlan90 commented 2 years ago

Hello, I have been trying to use this script to generate a valid self-signed certificate for my code-server container, which is Ubuntu-based (by linuxserver), and it runs just fine, with no errors. I can also see the .pem file in /etc/ssl/certs/ and the .crt file in /usr/local/share/ca-certificates. Running "openssl verify dotnet-devcert.crt" tells me that the certificate is OK too. When I try to run debug, however, I am getting this error:

Exception has occurred: CLR/System.NotSupportedException
An unhandled exception of type 'System.NotSupportedException' occurred in System.Net.Security.dll: 'The server mode SSL must use a certificate with the associated private key.'
   at System.Net.Security.SslStreamCertificateContext.Create(X509Certificate2 target, X509Certificate2Collection additionalCertificates, Boolean offline, SslCertificateTrust trust)
   at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware..ctor(ConnectionDelegate next, HttpsConnectionAdapterOptions options, ILoggerFactory loggerFactory)
   at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.<>c__DisplayClass12_0.<UseHttps>b__0(ConnectionDelegate next)
   at Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions.Build()
   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.<>c__DisplayClass30_0`1.<<StartAsync>g__OnBind|0>d.MoveNext()
--- End of stack trace from previous location ---

Could you please advise?

rsfurlan90 commented 2 years ago

Never mind, I figured out what went wrong. I was trying to run the script as a customization of my code-server container (i.e. inside custom-cont-init.d with sudo at the beginning). Turns out that it creates the certificate but it will be available only to sudoers.

Tried to run it (without sudo) in the context of the code-server default user "abc" and voilà. All good.

Was able to confirm that by running the commands below:

sudo dotnet dev-certs https --check --verbose # certificate found

dotnet dev-certs https --check --verbose # no certificates available
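
A file-level version of the check in the last comment, as an added example that is not part of the original thread or of the create-dotnet-devcert script. It assumes .NET on Linux keeps each user's certificate store as .pfx files under `$HOME/.dotnet/corefx/cryptography/x509stores/my`; the function names and result strings are hypothetical, and it only checks that PFX files exist and are readable, not that they contain a private key.

```shell
#!/bin/sh
# Added diagnostic example (not from the create-dotnet-devcert project).
# Assumption: the per-user .NET store lives at the path below on Linux.
STORE_SUBDIR=".dotnet/corefx/cryptography/x509stores/my"

# store_status HOME_DIR
# Prints: missing | unreadable | empty | ok
store_status() {
    store="$1/$STORE_SUBDIR"
    [ -d "$store" ] || { echo missing; return 0; }
    [ -r "$store" ] && [ -x "$store" ] || { echo unreadable; return 0; }
    found=0
    for pfx in "$store"/*.pfx; do
        [ -e "$pfx" ] || continue          # glob matched nothing
        [ -r "$pfx" ] || { echo unreadable; return 0; }
        found=1
    done
    if [ "$found" -eq 1 ]; then echo ok; else echo empty; fi
}

# diagnose APP_HOME ROOT_HOME
# Compares the store of the user that runs the app with root's store.
# Run as root so that both home directories can be inspected.
diagnose() {
    app_state=$(store_status "$1")
    root_state=$(store_status "$2")
    if [ "$app_state" = ok ]; then
        echo app-user-store-ok
    elif [ "$root_state" = ok ]; then
        # The situation from the thread: the script ran under sudo, so the
        # certificate landed in root's store and the app user has none.
        echo cert-only-in-root-store
    else
        echo no-dev-cert-found
    fi
}

# Example call: sh check-store.sh /config /root
# (both paths are placeholders for the app user's and root's home)
if [ "$#" -eq 2 ]; then
    diagnose "$1" "$2"
fi
```

A result of `cert-only-in-root-store` means the script should be rerun as the user that starts the application, which matches the fix described above.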