glatzert / ACME-Server-ADCS

ACME (RFC 8555) Server compatible implementation, connecting to Active Directory Certificate Services (ADCS)

HTTPS support #15

Closed sniper9191 closed 2 months ago

sniper9191 commented 1 year ago

I am testing ACME-ADCS, for use with https://developer.apple.com/documentation/devicemanagement/acmecertificate

Apple requires that the ACME server uses HTTPS.

When I deployed the ACME-ADCS server, http://server/ works fine, and displays the service description. Whereas, https://server/ gives "site cannot be reached" (a valid and trusted TLS certificate has already been bound to port 443 at IIS)

Is there some other setting that controls the behavior/support of HTTPS?

glatzert commented 1 year ago

Hi there, this server is RFC 8555 compliant. Device certificates are not part of that RFC. I will at some point in the future implement the ACME extensions as defined in some RFCs, but that has not been done, yet.

I cannot comment on the https problems, since that's your environment. If you deploy it to an IIS, there's nothing the software needs to do about https. If you deploy it standalone (which is documented currently) you need to provide the correct settings to Kestrel and it will just work (e.g. if a hello-world ASP.NET Core application works, acme-adcs will also).
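
The standalone case mentioned above, as an added example that is not part of the issue or of the ACME-Server-ADCS project: Kestrel takes its listening URL and TLS certificate from ASP.NET Core configuration, which can be supplied entirely through `ASPNETCORE_`-prefixed environment variables (the `__` separator maps to `:` in configuration keys). The publish directory `C:\acme\publish`, the entry assembly name `ACMEServer.dll` and the PFX path `C:\acme\tls\acme.pfx` are placeholders to be replaced with the real values.

```powershell
# Added example, not from the project: run a published ASP.NET Core app on Kestrel
# with HTTPS only, configured through environment variables.
# Assumptions (placeholders): publish dir, entry assembly name and PFX location below.
$PublishDir  = 'C:\acme\publish'
$AppDll      = 'ACMEServer.dll'            # assumption: substitute the real entry assembly
$PfxPath     = 'C:\acme\tls\acme.pfx'      # assumption: server certificate with private key
$PfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Fail early on a wrong path instead of decoding a Kestrel startup exception later.
if (-not (Test-Path (Join-Path $PublishDir $AppDll))) { throw "App assembly not found: $AppDll" }
if (-not (Test-Path $PfxPath)) { throw "PFX not found: $PfxPath" }

# Kestrel:Certificates:Default:Path / :Password are the standard configuration keys
# for the default HTTPS certificate; ASPNETCORE_URLS selects the endpoints.
$env:ASPNETCORE_ENVIRONMENT = 'Production'
$env:ASPNETCORE_URLS = 'https://0.0.0.0:443'    # HTTPS only, no plain-HTTP listener
$env:ASPNETCORE_Kestrel__Certificates__Default__Path = $PfxPath
$env:ASPNETCORE_Kestrel__Certificates__Default__Password = [System.Net.NetworkCredential]::new('', $PfxPassword).Password

Push-Location $PublishDir
try {
    dotnet $AppDll
} finally {
    Pop-Location
    # Do not leave the PFX password in the shell's environment after the app exits.
    Remove-Item Env:\ASPNETCORE_Kestrel__Certificates__Default__Password -ErrorAction SilentlyContinue
}
```

If the hello-world test the maintainer describes works with the same variables but the ACME app does not, the difference is in the app's own configuration, not in TLS; if neither works, the certificate or binding is the problem.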

sniper9191 commented 1 year ago

I've configured IIS binding for port 443, and a valid TLS cert, but it does not work.

Clearly, something else needs to be configured, for the app to work over HTTPS. It's not merely "that's your environment" as you say.

I'd appreciate some assistance, if you are planning to actually license this.

glatzert commented 1 year ago

Let's assume the following steps:

After that - there's nothing else to do to enable SSL. The application does not need to be configured to support SSL, if it's running with IIS - it'll just work

Edit: Also using other paths besides / should work out-of-the-box.

sniper9191 commented 1 year ago

Yes, that is what I'm trying to say - I have installed IIS, deployed the dotnet core app, and it works over :80 for /. I then configured IIS for SSL (including binding a valid TLS cert) and tried :443 for /, but it gives me HTTP error 503.

It does not appear to be a TLS issue - I checked using a TLS scanner against IP:443, and it reads the TLS cert correctly (i.e. the IIS binding is valid and working)

At this point, all signs point to the dotnet core app not being able to handle HTTPS, or to some additional app-side setting being required (i.e. it is not enough to configure IIS alone, nor is it an 'environment issue').

glatzert commented 1 year ago

The app does not need to specifically handle it (only for generating links), so your conclusion might be incorrect. I run something in the vicinity of 50 ASP.NET Core apps on IIS and the apps are all working as expected without explicitly caring about it.

What does the Windows event log tell? What is logged if you output the ASP.NET Core stdout (see web.config, but be aware of access rights to the location)? What does IIS failed request tracing log?
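
The three checks the maintainer asks for, collected in one script as an added example (not code from the project or from either participant): an IIS 503 for an ASP.NET Core site usually means the application pool has stopped or the ASP.NET Core Module could not start the process, which is recorded in the event log and, once enabled in web.config, in the app's stdout log. The site name `ACME-ADCS`, the physical path `C:\inetpub\acme` and the hostname `server` are placeholders; the script assumes the IIS management tools (WebAdministration module) are installed and is run elevated.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the project: gather evidence for an IIS 503 over HTTPS.
Import-Module WebAdministration

$SiteName   = 'ACME-ADCS'          # assumption: IIS site hosting the app
$PublishDir = 'C:\inetpub\acme'    # assumption: physical path of that site
$WebConfig  = Join-Path $PublishDir 'web.config'
$LogDir     = Join-Path $PublishDir 'logs'

# 1. Bindings: is 443 bound on this site (not another one) and does it carry a cert?
#    An empty certificateHash means the binding exists but TLS is not configured on it.
Get-WebBinding -Name $SiteName |
    Format-Table protocol, bindingInformation, certificateHash, certificateStoreName -AutoSize

# 2. Application pool: a stopped pool (rapid-fail protection after repeated worker
#    crashes) is the most common cause of 503, independent of the app's HTTPS handling.
$Pool = (Get-Item "IIS:\Sites\$SiteName").applicationPool
"App pool '$Pool' state: " + (Get-WebAppPoolState -Name $Pool).Value
Get-ItemProperty "IIS:\AppPools\$Pool" -Name failure |
    Select-Object rapidFailProtection, rapidFailProtectionMaxCrashes
# ASP.NET Core pools should run with 'No Managed Code' (empty managedRuntimeVersion).
Get-ItemProperty "IIS:\AppPools\$Pool" -Name managedRuntimeVersion

# 3. Event log: the ASP.NET Core Module (Application log) and WAS (System log)
#    record process-start failures and pool shutdowns.
$since = (Get-Date).AddHours(-1)
Get-WinEvent -FilterHashtable @{ LogName='Application'; ProviderName='IIS AspNetCore Module V2'; StartTime=$since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List
Get-WinEvent -FilterHashtable @{ LogName='System'; ProviderName='Microsoft-Windows-WAS'; StartTime=$since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List

# 4. Enable stdout logging in web.config so the app's own startup exception is captured.
#    The log directory must be writable by the pool identity (IIS AppPool\<pool>):
#    this is the access-rights caveat from the comment above.
[xml]$cfg = Get-Content $WebConfig
$aspNetCore = $cfg.SelectSingleNode('//system.webServer/aspNetCore')
if ($null -eq $aspNetCore) { throw "No <aspNetCore> element in $WebConfig; is this the published app?" }
$aspNetCore.SetAttribute('stdoutLogEnabled', 'true')
$aspNetCore.SetAttribute('stdoutLogFile', '.\logs\stdout')
$cfg.Save($WebConfig)

New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
$acl  = Get-Acl $LogDir
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            "IIS AppPool\$Pool", 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $LogDir -AclObject $acl

# 5. Restart the pool, reproduce the request over HTTPS, then read the newest stdout log.
Restart-WebAppPool -Name $Pool
try { Invoke-WebRequest -Uri 'https://server/' -UseBasicParsing | Out-Null } catch { $_.Exception.Message }
Get-ChildItem $LogDir -Filter 'stdout*.log' | Sort-Object LastWriteTime -Descending |
    Select-Object -First 1 | Get-Content
```

Turn stdout logging off again once the cause is found; it is a diagnostic setting, not something to leave enabled on a production certificate-issuance endpoint.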