Instructions for trusting dev-cert in WSL still result in "certificate is not trusted" warning

dotnet / AspNetCore.Docs

Documentation for ASP.NET Core

https://docs.microsoft.com/aspnet/core

Creative Commons Attribution 4.0 International

12.64k stars 25.28k forks source link

Instructions for trusting dev-cert in WSL still result in "certificate is not trusted" warning #27887

Open glen-84 opened 1 year ago

glen-84 commented 1 year ago

I have followed the instructions:

And I still get:

The ASP.NET Core developer certificate is not trusted. For information about trusting the ASP.NET Core developer certificate, see ...

... when I run the application in WSL.

What am I missing? This should work with the default paths used by Kestrel, right?

(Windows 11, WSL with Debian, dotnet 7, OpenSSL 1.1.1n, etc.)

Document details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

ID: c7ddfb2f-5dea-5e31-2a27-02a4dc16104c
Version Independent ID: 12ca0b9a-2638-a4ce-c45f-d4579c83dafb
Content: Enforce HTTPS in ASP.NET Core
Content Source: aspnetcore/security/enforcing-ssl.md
Product: aspnet-core
Technology: aspnetcore-security
GitHub Login: @Rick-Anderson
Microsoft Alias: riande

Rick-Anderson commented 1 year ago

dotnet dev-certs https --clean dotnet dev-certs https --trust

glen-84 commented 1 year ago

--trust doesn't work on Linux.

Plusce commented 1 year ago

I have the same problem. I installed WSL with Ubuntu 20.04, .NET 7.0.100, also I use Rider IDE.

I tried these steps:

When I run project from Windows terminal, certificate is applied correctly. From WSL Ubuntu terminal it always looks like this:

dotnet run service --project Gymmer.Service Building... info: Gymmer.Service[0] Executing migrations. info: Gymmer.Service[0] Executing seeding. > warn: Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer[8] > The ASP.NET Core developer certificate is not trusted. For information about trusting the ASP.NET Core developer certificate, see https://aka.ms/aspnet/https-trust-dev-cert.

@Rick-Anderson unfortunately, these commands won't help:

dotnet dev-certs https --clean dotnet dev-certs https --trust

Rick-Anderson commented 1 year ago

@glen-84 @Plusce Partial instructions here

glen-84 commented 1 year ago

@Rick-Anderson

You seem to have linked to a random comment in that issue.

I tried:

dotnet dev-certs https -ep localhost.crt --format PEM
sudo cp localhost.crt /usr/lib/ssl/certs/aspnetcore-https-localhost.pem

... but I still get the warning.

I've posted a comment in the linked issue.

mrtabaa commented 1 year ago

The same issue. Any solution found so far?

StephenRobin commented 1 year ago

I noticed this today. It appears that Microsoft.AspNetCore.Certificates.Generation.UnixCertificateManager has

public override bool IsTrusted(X509Certificate2 certificate) => false;

which causes this warning to be always logged by Kestrel, even when the root certificate is trusted.

Serge-N commented 6 months ago

If you still face this issue : try some ideas from here.