MarkCiliaVincenti / TlsCertificateLoader

Allows loading of TLS certificates for .NET 6.0/7.0/8.0/9.0 Kestrel web applications, allowing for refreshing of certificates as well as compatibility with HTTP/3.
https://www.nuget.org/packages/TlsCertificateLoader
MIT License

TlsCertificateLoader


Allows loading of TLS (HTTPS) certificates for .NET 6.0/7.0/8.0/9.0 Kestrel web applications, allowing for refreshing of certificates as well as compatibility with HTTP/3. Fully compatible with certificates obtained by Certbot (see sample project without middleware or see sample project using middleware).

Installation

The recommended means is to use NuGet, but you could also download the source code from here.

Usage without middleware

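// Load the default certificate from its full-chain and private-key PEM files.
TlsCertificateLoader.TlsCertificateLoader tlsCertificateLoader = new(fullChainPemFilePath, privateKeyPemFilePath);
// options is the KestrelServerOptions instance; 443 is the standard HTTPS port.
options.ListenAnyIP(443, o =>
{
    // Wire the loader into this endpoint's TLS handshake callback and HTTPS adapter options.
    o.SetTlsHandshakeCallbackOptions(tlsCertificateLoader);
    o.SetHttpsConnectionAdapterOptions(tlsCertificateLoader);
    // Offer HTTP/1.1, HTTP/2 and HTTP/3 on the same endpoint.
    o.Protocols = HttpProtocols.Http1AndHttp2AndHttp3;
});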

To refresh the default certificates (e.g., on a Timer or by watching a directory via PhysicalFileProvider):

tlsCertificateLoader.RefreshDefaultCertificates();

You may also add additional certificate collections for other hostnames (for example, if you want to set up mydomain.tld as your default certificate and www.mydomain.tld as your alternate one):

tlsCertificateLoader.AddAdditionalCertificates("www.mydomain.tld", fullChainWwwPemFilePath, privateKeyWwwPemFilePath);

To refresh additional certificate collections (e.g., on a Timer or by watching a directory via PhysicalFileProvider):

tlsCertificateLoader.RefreshAdditionalCertificates("www.mydomain.tld");
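One way to drive the refresh calls above from a PhysicalFileProvider watch, as an added example that is not code from the TlsCertificateLoader project. `CertificateRefresher`, the five-second debounce and the `*.pem` filter are assumptions; the pair is checked with `X509Certificate2.CreateFromPemFile` first so that a half-written or mismatched renewal is not handed to the loader.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using Microsoft.Extensions.FileProviders;
using Microsoft.Extensions.Primitives;

// Hypothetical helper (added example, not part of TlsCertificateLoader).
public sealed class CertificateRefresher : IDisposable
{
    private readonly TlsCertificateLoader.TlsCertificateLoader _loader;
    private readonly string _fullChainPath, _privateKeyPath;
    private readonly PhysicalFileProvider _provider;
    private readonly Timer _debounce;
    private readonly IDisposable _subscription;

    public CertificateRefresher(TlsCertificateLoader.TlsCertificateLoader loader,
        string fullChainPath, string privateKeyPath)
    {
        (_loader, _fullChainPath, _privateKeyPath) = (loader, fullChainPath, privateKeyPath);
        _debounce = new Timer(_ => TryRefresh());
        // Assumption: both PEM files live in the same directory.
        _provider = new PhysicalFileProvider(Path.GetDirectoryName(Path.GetFullPath(fullChainPath))!);
        // Watch() tokens fire once, so OnChange re-registers after every change. Each event
        // restarts the timer, so the refresh runs once, 5 s after the last write of a renewal.
        _subscription = ChangeToken.OnChange(() => _provider.Watch("*.pem"),
            () => _debounce.Change(TimeSpan.FromSeconds(5), Timeout.InfiniteTimeSpan));
    }

    private void TryRefresh()
    {
        try
        {
            // Throws if a file is malformed or the key does not match the certificate.
            using var candidate = X509Certificate2.CreateFromPemFile(_fullChainPath, _privateKeyPath);
            if (candidate.NotAfter <= DateTime.Now) return; // expired: keep the loaded certificate
            _loader.RefreshDefaultCertificates();
        }
        catch (Exception ex) when (ex is CryptographicException or IOException or UnauthorizedAccessException)
        {
            // Renewal still being written or files unreadable: keep serving the current certificate.
        }
    }

    public void Dispose()
    {
        _subscription.Dispose(); _debounce.Dispose(); _provider.Dispose();
    }
}
```

Create one instance next to the loader and keep it alive for the lifetime of the application; for an additional hostname, call `RefreshAdditionalCertificates` with that hostname in place of `RefreshDefaultCertificates`.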

A sample project using Certbot is available.

Usage with Certbot middleware

Refer to the sample project that uses Certbot with middleware.

Credits

David Fowler for this idea.