VS2017 Docker debugging failed: Failed to create the certificate

[MichaelSL]

Created new NET Core MVC application on clean installed Windows 10 Pro 1803.

Trying to start debugging and get: Adding the certificate to the Trusted Root Certficates store failed with the following error: Failed to create the certificate.

Already created a local account, removed %userprofile%\vsdbg and %userprofile%\onecoremsvsmon

VS info:

Version 15.8.0 Preview 1.0
VisualStudio.15.Preview/15.8.0-pre.1.0+27705.0
Microsoft .NET Framework
Version 4.7.03056

Installed Version: Community

Application Insights Tools for Visual Studio Package   8.12.10405.1
Application Insights Tools for Visual Studio

ASP.NET and Web Tools 2017   15.0.40502.0
ASP.NET and Web Tools 2017

ASP.NET Core Razor Language Services   15.7.31476
Provides languages services for ASP.NET Core Razor.

ASP.NET Web Frameworks and Tools 2017   5.2.60419.0
For additional information, visit https://www.asp.net/

Azure App Service Tools v3.0.0   15.0.40424.0
Azure App Service Tools v3.0.0

Azure Data Lake Node   1.0
This package contains the Data Lake integration nodes for Server Explorer.

Azure Data Lake Tools for Visual Studio   2.3.3000.2
Microsoft Azure Data Lake Tools for Visual Studio

Azure Functions and Web Jobs Tools   15.0.40424.0
Azure Functions and Web Jobs Tools

Azure Stream Analytics Tools for Visual Studio   2.3.3000.2
Microsoft Azure Stream Analytics Tools for Visual Studio

C# Tools   2.8.0-beta6-62830-08. Commit Hash: e595ee276d14e14bfb3eb323fb57f2aa668bddea
C# components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.

Common Azure Tools   1.10
Provides common services for use by Azure Mobile Services and Microsoft Azure Tools.

Fabric.DiagnosticEvents   1.0
Fabric Diagnostic Events

GitHub.VisualStudio   2.2.0.10
A Visual Studio Extension that brings the GitHub Flow into Visual Studio.

JavaScript Language Service   2.0
JavaScript Language Service

Microsoft Azure HDInsight Azure Node   2.3.3000.2
HDInsight Node under Azure Node

Microsoft Azure Hive Query Language Service   2.3.3000.2
Language service for Hive query

Microsoft Azure Service Fabric Tools for Visual Studio   2.1
Microsoft Azure Service Fabric Tools for Visual Studio

Microsoft Azure Stream Analytics Language Service   2.3.3000.2
Language service for Azure Stream Analytics

Microsoft Azure Stream Analytics Node   1.0
Azure Stream Analytics Node under Azure Node

Microsoft Azure Tools   2.9
Microsoft Azure Tools for Microsoft Visual Studio 2017 - v2.9.10420.2

Microsoft Continuous Delivery Tools for Visual Studio   0.3
Simplifying the configuration of continuous build integration and continuous build delivery from within the Visual Studio IDE.

Microsoft JVM Debugger   1.0
Provides support for connecting the Visual Studio debugger to JDWP compatible Java Virtual Machines

Microsoft Library Manager   1.0
Install client-side libraries easily to any web project

Microsoft MI-Based Debugger   1.0
Provides support for connecting Visual Studio to MI compatible debuggers

Microsoft Visual Studio Tools for Containers   1.1
Develop, run, validate your ASP.NET Core applications in the target environment. F5 your application directly into a container with debugging, or CTRL + F5 to edit & refresh your app without having to rebuild the container.

NuGet Package Manager   4.6.0
NuGet Package Manager in Visual Studio. For more information about NuGet, visit http://docs.nuget.org/.

ProjectServicesPackage Extension   1.0
ProjectServicesPackage Visual Studio Extension Detailed Info

ResourcePackage Extension   1.0
ResourcePackage Visual Studio Extension Detailed Info

SQL Server Data Tools   15.1.61804.210
Microsoft SQL Server Data Tools

Syntax Visualizer   1.0
An extension for visualizing Roslyn SyntaxTrees.

ToolWindowHostedEditor   1.0
Hosting json editor into a tool window

TypeScript Tools   15.7.20419.2003
TypeScript Tools for Microsoft Visual Studio

Visual Basic Tools   2.8.0-beta6-62830-08. Commit Hash: e595ee276d14e14bfb3eb323fb57f2aa668bddea
Visual Basic components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.

Visual F# Tools 10.1 for F# 4.1   15.7.0.0.  Commit Hash: 16ecf5a30ad868d183c58e4a71a71c23d4ed3ba9.
Microsoft Visual F# Tools 10.1 for F# 4.1

Visual Studio Code Debug Adapter Host Package   1.0
Interop layer for hosting Visual Studio Code debug adapters in Visual Studio

Visual Studio Tools for Containers   1.0
Visual Studio Tools for Containers`

[haniamr]

@MichaelSL thanks for reporting. Which version of dotnet core 2.1 did you install? and that local account you created, is it an admin account? If not, can you make sure it has write permissions to these folders:

• %APPDATA%\Microsoft\UserSecrets
• %APPDATA%\ASP.NET

Thanks!

[hbiarge]

I can reproduce this one. In a solution with two Asp.Net Core projects, both of them with support for docker. If both have an UserSecretId it works perfectly, but if you delete the UserSecretId for one of the projects (in the .csproj file) you get this Failed to create the certificate error. Tested in two different solutions with the same result. Visual Studio 2017 Professional 15.7.1 Hope this helps.

[haniamr]

@hbiarge thanks for sharing, if that's the case, then the error is expected since we use the UserSecretId to store the local certificate export password, so when trying to export it into the container it fails if that's not found.

[aaroncoville]

I too have this issue, and it is not with multiple projects. On a clean install all I do is create a new project with both Docker and Azure Active Directory authentication and the project will not run, with this error.

I've tried getting a project with both Docker and Azure Active Directory a number of ways, always failing. If I template both out of the gate I receive this certificate error. If I try without anything and add on Docker Support and Azure Active Directory I cannot get it work, but receive different errors.

[MichaelSL]

Sorry for the late answer. Debug started after recent Docker update.

• NET Core version: 2.1.200
• User is admin and has permissions to both directories.
• No User Secrets used - just a new web application project.

Everything is fixed for me. @Eltargrim did you manage to resolve your issue?

[jbt00000]

I'm getting the same issue.... Visual Studio Enterprise 15.7.1 .NET Core 2.0 ASP.NET Core Web Application Docker (OS=Linux)

Happens on first run... Without adding 1 line of code.

Running VS as an admin... hoping that will elevate permissions to get around the adding problem, does not fix the issue.

[Bartmax]

having the same error here. multiple proj, only 1 with docker support. running vs as elevated.

[haniamr]

@jbt00000 are you seeing that error on a .NET 2.0 app? @Bartmax You do not have to run VS as an admin, how about the user used in Docker Shared Drives? Can you make sure it has permissions to:

• %APPDATA%\Microsoft\UserSecrets
• %APPDATA%\ASP.NET

[albertusgouzalixrelements]

Hi there, same here, I have ensured that the local user has read / write permission to:

• %APPDATA%\Microsoft\UserSecrets
• %APPDATA%\ASP.NET

however it also failed on creating the certificate. It ran fine if I create the web application without an authentication, however it not able to create the certificate when I use the web app with individual user account.

i haven't make any changes to the project itself, just create one from the template and try to run it on docker.

[jbt00000]

I downgraded to VS 15.6.7 (which I needed to do because SSDT doesn't work on 15.7.1...) and now it works.

[albertusgouzalixrelements]

sounds like an issue with the latest version of VS and the preview, will try the earlier version, thanks @jbt00000

[haniamr]

I managed to reproduce the issue. A workaround you can try is to remove the following from docker-compose.override.yml: (the below is an example)

version: '3.4'
services:
  webapplication3:
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:443;http://+:80   <=========
      - ASPNETCORE_HTTPS_PORT=44392
    ports:
      - "51493:80"
      - "44392:443"           <========== (The mapping for 443 not the second line specifically)
    volumes:
      - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
      - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro

[albertusgouzalixrelements]

Hi @haniamr The workaround seems to work great, thanks for that.

I have also confirm that the previous version of Visual Studio works as well, it seems only affecting 15.7.1 and 15.7.2 at this stage. and @MichaelSL has confirmed Version 15.8.0 Preview 1.0 works as well, so i guess this should be fixed on the next release?

[haniamr]

@albertusgouzalixrelements thanks for the confirmation, yes it will be fixed on the next release.

[alihaidrz]

Version 15.8.0 Preview 1.0 has the same issue i just downloaded it and it has the exact same behavior

[albertusgouzalixrelements]

@alihaidrz MichaelSL are able to get around the issue with Version 15.8.0 Preview 1.0, have you tried to update the docker to the latest version?

[alihaidrz]

yes docker has the later version here is the information for visual studio:

Microsoft Visual Studio Enterprise 2017 Preview Version 15.8.0 Preview 1.1

[zslocum]

I'm still having this issue as well with the current Edge version of Docker and Visual Studio Preview 15.8.0 Preview 2.0

Other than modifying the docker-compose.override.yml file as described above I have been unable to find a workaround.

[dazinator]

@haniamr - so is the workaround for now to remove https completely? I assume that is what you mean by remove the mappings?

[haniamr]

@dazinator yes that's correct. The issue here is that scaffolding should only generate the certificate mappings for dotnet core 2.1 and not 2.0, as that's the only supported version for https in containers at the moment.

[haniamr]

I'll close the issue since it's fixed in 15.8 Preview 3 (latest public preview), please let me know if you're still facing it and I can investigate further.

[handersendk]

Hi, the issue continue to exist in 15.8 Preview 4. I have created a new project and I get

Adding the certificate to the Trusted Root Certficates store failed with the following error: Failed to create the certificate." when I try to run the application

These are the settings used for the new application. Please note I needed to update the nuget to latest version for the application to run.

I am able to make the application work by updating the docker.compose file as suggested previously.

This compose will work.

version: '3.4'

services: webapplication22: environment:

• ASPNETCORE_ENVIRONMENT=Development
• ASPNETCORE_URLS=http://+:80 ports:
• "54894:80" volumes:
• ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
• ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro

[MarkDixonTech]

I am also getting a similar error, also in 15.8 Preview 5, after creating a new Web Application project with Docker Support.

Adding the certificate to the Trusted Root Certificates store failed with the following error: Failed with a critical error.

The error occurs during Step 4 of 4

Step 4/4 : EXPOSE 44373

As above, I am able to get it working by removing the SSL port mapping

[Heurazio]

Same Problem with the latest Version 2.1

[simeyla]

Can someone explain exactly what Visual Studio is trying to do. I know what a development certificate is, but is that what the problem is here? Can't I just install it manually?

I'm completely new to Docker and it is quickly becoming insanely frustrating trying to put all the pieces together.

I removed the line from override, and the EXPOSE line and still getting:

Adding the certificate to the Trusted Root Certficates store failed with the following error: Failed with a critical error.

I have VS 15.8 RTM. I don't even know if this is a Visual Studio or Docker issue.

[Heurazio]

I was able to solve the problem by recreating the project. Somehow, the certificate and/or it's thumbprint got deleted/corrupted but there still was the https entry in the docker-compose.override.yml. After recreating the project and copy over all needed files, everything worked fine again.

[arielmoraes]

I'm having the same issue:

Adding the certificate to the Trusted Root Certficates store failed with the following error: Failed with a critical error.

[li0nsar3c00l]

Same problem with VS 15.8.2, docker 18.06.1-ce-win73 (19507). Can somebody tell me, which VS preview version has a fix?

[Heurazio]

@arielmoraes , @li0nsar3c00l : Look at my answer above. Maybe this can help you. I hat this issue a few times when creating a new project.

[arielmoraes]

@Heurazio, already tried that, even with a fresh new project I'm getting the error.

[krotkiske]

Having the same issue.

[daze99]

I don't think this issue should be closed, as many (including me) still have this problem.

[li0nsar3c00l]

I created a new admin account with password and ensured the user had rights to read/write the folder, but it still didn't worked. I solved this issue by replacing the docker user account with my global admin account I was developing on after adding a password to it. Not sure if this was a proper solution or if I just fucked up the permissions. Regarding the behaviour @Heurazio noticed: I can confirm this, I definitly noticed a changed password in the user secrets. Somehow docker or visual studio seems to recreate the certificates i manually created following this. Then I just recreate the certificates by hand again and everything is working.

[haniamr]

Re-opening since the issue is still happening, although I believe it might be a different scenario.

So here is what VS is doing when you F5 an ASP.NET Core Web App 2.1 with Https and docker enabled:

1. Check if the development certificate exists and trusted or not
2. If (1) is false, then prompt the user to trust the certificate
3. Export the certificate to %APPDATA%\ASP.NET\https{WebAppName}.pfx
4. Save the password in the user store in %APPDATA%\Microsoft\UserSecrets

I'm unable to repro what you're seeing on a clean machine with VS 15.8.4, so please provide me with the following:

1. The original issue was on ASP.NET Core 2.0 apps with authentication enabled, is it still the same case? Or is it a 2.1 app?
2. Do you get the prompt to trust the certificate then the failure message? Or is it the failure message directly?
3. If you get the prompt first, do you see this Windows prompt warning you about trusting the certificate?
4. Do you have a value for the property "UserSecretsId" in the web project?
5. Please run the following commands and share with me the results:
   • dotnet dev-certs https --trust --check
   • echo Trust check: %errorlevel%
   • dotnet dev-certs https --trust -ep "%APPDATA%\ASP.NET\https\{WebAppName}.pfx" -p TestPassword
   • echo Trust/Export: %errorlevel%
   • cd "{Directory where your .csproj lives}"
   • dotnet user-secrets set Kestrel:Certificates:Development:Password TestPassword
6. In your current user certificate store, do you have a certificate named "ASP.NET Core HTTP development certificate" with the following properties? It should be both under "Personal" and "Trusted Root Certification Authorities".

@arebelong I have a question about your repro steps, when you created a project while enabling docker support in VS 15.8, did you get a docker-compose project? Or you had to add it using the context-menu -> Add Container Orchestrator support?

[krotkiske]

1. Its 2.1 or 2.0 2+3. I get the error message directly. i do not get a prompt.
2. Yes

3. a. blank b. Trust check: 0 c. Done prompted me. d. Trust/Export: 9009 e. Done f. Successfully saved Kestrel:Certificates:Development:Password = TestPassword to the secret store.

Ran again and still fails. critical error

On Tue, Sep 11, 2018 at 9:34 PM Hani Amr notifications@github.com wrote:

Re-opening since the issue is still happening, although I believe it might be a different scenario.

So here is what VS is doing when you F5 an ASP.NET Core Web App 2.1 with Https and docker enabled:

1. Check if the development certificate exists and trusted or not
2. If (1) is false, then prompt the user to trust the certificate
3. Export the certificate to %APPDATA%\ASP.NET\https{WebAppName}.pfx
4. Save the password in the user store in %APPDATA%\Microsoft\UserSecrets

I'm unable to repro what you're seeing on a clean machine with VS 15.8.4, so please provide me with the following:

1. The original issue was on ASP.NET Core 2.0 apps with authentication enabled, is it still the same case? Or is it a 2.1 app?
2. Do you get the prompt to trust the certificate then the failure message? Or is it the failure message directly?
3. If you get the prompt first, do you see this Windows prompt warning you about trusting the certificate? [image: image] https://user-images.githubusercontent.com/5480153/45396550-0cb90d00-b5f1-11e8-99ff-985dcfac263b.png
4. Do you have a value for the property "UserSecretsId" in the web project?
5. Please run the following commands and share with me the results:
   • dotnet dev-certs https --trust --check
   • echo Trust check: %errorlevel%
   • dotnet dev-certs https --trust -ep "%APPDATA%\ASP.NET\https{WebAppName}.pfx" -p TestPassword
   • echo Trust/Export: %errorlevel%
   • cd "{Directory where your .csproj lives}"
   • dotnet user-secrets set Kestrel:Certificates:Development:Password TestPassword
6. In your current user certificate store, do you have a certificate named "ASP.NET Core HTTP development certificate" with the following properties? [image: image] https://user-images.githubusercontent.com/5480153/45396482-acc26680-b5f0-11e8-9d0a-4cd83445d712.png It should be both under "Personal" and "Trusted Root Certification Authorities".

@arebelong https://github.com/arebelong I have a question about your repro steps, when you created a project while enabling docker support in VS 15.8, did you get a docker-compose project? Or you had to add it using the context-menu -> Add Container Orchestrator support?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/Microsoft/DockerTools/issues/99#issuecomment-420481725, or mute the thread https://github.com/notifications/unsubscribe-auth/AKlKmGgHWlpnZUFQQ7iHk8l4Mvz9inoEks5uaGSsgaJpZM4T2DOZ .

[krotkiske]

I also do not have a certificate under either personal or trusted by that name. it created a certificate called localhost.

On Tue, Sep 11, 2018 at 9:34 PM Hani Amr notifications@github.com wrote:

Re-opening since the issue is still happening, although I believe it might be a different scenario.

So here is what VS is doing when you F5 an ASP.NET Core Web App 2.1 with Https and docker enabled:

1. Check if the development certificate exists and trusted or not
2. If (1) is false, then prompt the user to trust the certificate
3. Export the certificate to %APPDATA%\ASP.NET\https{WebAppName}.pfx
4. Save the password in the user store in %APPDATA%\Microsoft\UserSecrets

I'm unable to repro what you're seeing on a clean machine with VS 15.8.4, so please provide me with the following:

1. The original issue was on ASP.NET Core 2.0 apps with authentication enabled, is it still the same case? Or is it a 2.1 app?
2. Do you get the prompt to trust the certificate then the failure message? Or is it the failure message directly?
3. If you get the prompt first, do you see this Windows prompt warning you about trusting the certificate? [image: image] https://user-images.githubusercontent.com/5480153/45396550-0cb90d00-b5f1-11e8-99ff-985dcfac263b.png
4. Do you have a value for the property "UserSecretsId" in the web project?
5. Please run the following commands and share with me the results:
   • dotnet dev-certs https --trust --check
   • echo Trust check: %errorlevel%
   • dotnet dev-certs https --trust -ep "%APPDATA%\ASP.NET\https{WebAppName}.pfx" -p TestPassword
   • echo Trust/Export: %errorlevel%
   • cd "{Directory where your .csproj lives}"
   • dotnet user-secrets set Kestrel:Certificates:Development:Password TestPassword
6. In your current user certificate store, do you have a certificate named "ASP.NET Core HTTP development certificate" with the following properties? [image: image] https://user-images.githubusercontent.com/5480153/45396482-acc26680-b5f0-11e8-9d0a-4cd83445d712.png It should be both under "Personal" and "Trusted Root Certification Authorities".

@arebelong https://github.com/arebelong I have a question about your repro steps, when you created a project while enabling docker support in VS 15.8, did you get a docker-compose project? Or you had to add it using the context-menu -> Add Container Orchestrator support?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/Microsoft/DockerTools/issues/99#issuecomment-420481725, or mute the thread https://github.com/notifications/unsubscribe-auth/AKlKmGgHWlpnZUFQQ7iHk8l4Mvz9inoEks5uaGSsgaJpZM4T2DOZ .

[krotkiske]

I did not get a dcproj from initial setup i had to add it afterwards from the add container orcehestration support option.

On Tue, Sep 11, 2018 at 9:34 PM Hani Amr notifications@github.com wrote:

Re-opening since the issue is still happening, although I believe it might be a different scenario.

So here is what VS is doing when you F5 an ASP.NET Core Web App 2.1 with Https and docker enabled:

1. Check if the development certificate exists and trusted or not
2. If (1) is false, then prompt the user to trust the certificate
3. Export the certificate to %APPDATA%\ASP.NET\https{WebAppName}.pfx
4. Save the password in the user store in %APPDATA%\Microsoft\UserSecrets

I'm unable to repro what you're seeing on a clean machine with VS 15.8.4, so please provide me with the following:

1. The original issue was on ASP.NET Core 2.0 apps with authentication enabled, is it still the same case? Or is it a 2.1 app?
2. Do you get the prompt to trust the certificate then the failure message? Or is it the failure message directly?
3. If you get the prompt first, do you see this Windows prompt warning you about trusting the certificate? [image: image] https://user-images.githubusercontent.com/5480153/45396550-0cb90d00-b5f1-11e8-99ff-985dcfac263b.png
4. Do you have a value for the property "UserSecretsId" in the web project?
5. Please run the following commands and share with me the results:
   • dotnet dev-certs https --trust --check
   • echo Trust check: %errorlevel%
   • dotnet dev-certs https --trust -ep "%APPDATA%\ASP.NET\https{WebAppName}.pfx" -p TestPassword
   • echo Trust/Export: %errorlevel%
   • cd "{Directory where your .csproj lives}"
   • dotnet user-secrets set Kestrel:Certificates:Development:Password TestPassword
6. In your current user certificate store, do you have a certificate named "ASP.NET Core HTTP development certificate" with the following properties? [image: image] https://user-images.githubusercontent.com/5480153/45396482-acc26680-b5f0-11e8-9d0a-4cd83445d712.png It should be both under "Personal" and "Trusted Root Certification Authorities".

@arebelong https://github.com/arebelong I have a question about your repro steps, when you created a project while enabling docker support in VS 15.8, did you get a docker-compose project? Or you had to add it using the context-menu -> Add Container Orchestrator support?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/Microsoft/DockerTools/issues/99#issuecomment-420481725, or mute the thread https://github.com/notifications/unsubscribe-auth/AKlKmGgHWlpnZUFQQ7iHk8l4Mvz9inoEks5uaGSsgaJpZM4T2DOZ .

[krotkiske]

Actually i ran it again and it didnt even put the localhost certificate into the store

On Wed, Sep 12, 2018 at 11:13 AM Kevin Rotkiske krotkiske@gmail.com wrote:

I also do not have a certificate under either personal or trusted by that name. it created a certificate called localhost.

On Tue, Sep 11, 2018 at 9:34 PM Hani Amr notifications@github.com wrote:

Re-opening since the issue is still happening, although I believe it might be a different scenario.

So here is what VS is doing when you F5 an ASP.NET Core Web App 2.1 with Https and docker enabled:

1. Check if the development certificate exists and trusted or not
2. If (1) is false, then prompt the user to trust the certificate
3. Export the certificate to %APPDATA%\ASP.NET\https{WebAppName}.pfx
4. Save the password in the user store in %APPDATA%\Microsoft\UserSecrets

I'm unable to repro what you're seeing on a clean machine with VS 15.8.4, so please provide me with the following:

1. The original issue was on ASP.NET Core 2.0 apps with authentication enabled, is it still the same case? Or is it a 2.1 app?
2. Do you get the prompt to trust the certificate then the failure message? Or is it the failure message directly?
3. If you get the prompt first, do you see this Windows prompt warning you about trusting the certificate? [image: image] https://user-images.githubusercontent.com/5480153/45396550-0cb90d00-b5f1-11e8-99ff-985dcfac263b.png
4. Do you have a value for the property "UserSecretsId" in the web project?
5. Please run the following commands and share with me the results:
   • dotnet dev-certs https --trust --check
   • echo Trust check: %errorlevel%
   • dotnet dev-certs https --trust -ep "%APPDATA%\ASP.NET\https{WebAppName}.pfx" -p TestPassword
   • echo Trust/Export: %errorlevel%
   • cd "{Directory where your .csproj lives}"
   • dotnet user-secrets set Kestrel:Certificates:Development:Password TestPassword
6. In your current user certificate store, do you have a certificate named "ASP.NET Core HTTP development certificate" with the following properties? [image: image] https://user-images.githubusercontent.com/5480153/45396482-acc26680-b5f0-11e8-9d0a-4cd83445d712.png It should be both under "Personal" and "Trusted Root Certification Authorities".

@arebelong https://github.com/arebelong I have a question about your repro steps, when you created a project while enabling docker support in VS 15.8, did you get a docker-compose project? Or you had to add it using the context-menu -> Add Container Orchestrator support?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/Microsoft/DockerTools/issues/99#issuecomment-420481725, or mute the thread https://github.com/notifications/unsubscribe-auth/AKlKmGgHWlpnZUFQQ7iHk8l4Mvz9inoEks5uaGSsgaJpZM4T2DOZ .

[MarkDixonTech]

I also do not have a certificate under either personal or trusted by that name. it created a certificate called localhost. … On Tue, Sep 11, 2018 at 9:34 PM Hani Amr @.**> wrote: Re-opening since the issue is still happening, although I believe it might be a different scenario. So here is what VS is doing when you F5 an ASP.NET Core Web App 2.1 with Https and docker enabled: 1. Check if the development certificate exists and trusted or not 2. If (1) is false, then prompt the user to trust the certificate 3. Export the certificate to %APPDATA%\ASP.NET\https{WebAppName}.pfx 4. Save the password in the user store in %APPDATA%\Microsoft\UserSecrets I'm unable to repro what you're seeing on a clean machine with VS 15.8.4, so please provide me with the following: 1. The original issue was on ASP.NET Core 2.0 apps with authentication enabled, is it still the same case? Or is it a 2.1 app? 2. Do you get the prompt to trust the certificate then the failure message? Or is it the failure message directly? 3. If you get the prompt first, do you see this Windows prompt warning you about trusting the certificate? [image: image] https://user-images.githubusercontent.com/5480153/45396550-0cb90d00-b5f1-11e8-99ff-985dcfac263b.png 4. Do you have a value for the property "UserSecretsId*" in the web project? 5. Please run the following commands and share with me the results: - dotnet dev-certs https --trust --check - echo Trust check: %errorlevel% - dotnet dev-certs https --trust -ep "%APPDATA%\ASP.NET\https{WebAppName}.pfx" -p TestPassword - echo Trust/Export: %errorlevel% - cd "{Directory where your .csproj lives}" - dotnet user-secrets set Kestrel:Certificates:Development:Password TestPassword 6. In your current user certificate store, do you have a certificate named "ASP.NET Core HTTP development certificate" with the following properties? [image: image] https://user-images.githubusercontent.com/5480153/45396482-acc26680-b5f0-11e8-9d0a-4cd83445d712.png It should be both under "Personal" and "Trusted Root Certification Authorities". @arebelong https://github.com/arebelong I have a question about your repro steps, when you created a project while enabling docker support in VS 15.8, did you get a docker-compose project? Or you had to add it using the context-menu -> Add Container Orchestrator support? — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#99 (comment)>, or mute the thread https://github.com/notifications/unsubscribe-auth/AKlKmGgHWlpnZUFQQ7iHk8l4Mvz9inoEks5uaGSsgaJpZM4T2DOZ .

The Issued To and Issued By will be localhost but the Friendly Name will be ASP.NET Core HTTPS Development certificate

[MarkDixonTech]

I have managed to get this working by manually importing the file at %APPDATA%\ASP.NET\https{WebAppName}.pfx into my certifcate store at CurrentUser/Personal/Certifcates

I also ran the following:

• dotnet dev-certs https --trust -ep "%APPDATA%\ASP.NET\https{WebAppName}.pfx" -p TestPassword

  • cd "{Directory where your .csproj lives}"
  • dotnet user-secrets set Kestrel:Certificates:Development:Password

I also noticed that the location is was writing the pfx file to was %AppData%\Roaming

I'm wondering whether this is related. Maybe roaming profile is used when logging in using Microsoft Account and this explains why only some users are seeing this.

[MarkDixonTech]

And if anyone is trying to do this on Service Fabric it had to go into the Local Machine certificate store instead

[krotkiske]

I tried what you susggested. it did not solve the issue. Interestingly enough i checked my other machine where it works fine and in both instances it places the certificate in the roaming folder.

On Wed, Sep 19, 2018 at 4:47 AM Mark Dixon notifications@github.com wrote:

I also do not have a certificate under either personal or trusted by that name. it created a certificate called localhost. … <#m7689105108009517854> On Tue, Sep 11, 2018 at 9:34 PM Hani Amr @.***> wrote: Re-opening since the issue is still happening, although I believe it might be a different scenario. So here is what VS is doing when you F5 an ASP.NET Core Web App 2.1 with Https and docker enabled: 1. Check if the development certificate exists and trusted or not 2. If (1) is false, then prompt the user to trust the certificate 3. Export the certificate to %APPDATA%\ ASP.NET\https{WebAppName}.pfx 4. Save the password in the user store in %APPDATA%\Microsoft\UserSecrets I'm unable to repro what you're seeing on a clean machine with VS 15.8.4, so please provide me with the following: 1. The original issue was on ASP.NET Core 2.0 apps with authentication enabled, is it still the same case? Or is it a 2.1 app? 2. Do you get the prompt to trust the certificate then the failure message? Or is it the failure message directly? 3. If you get the prompt first, do you see this Windows prompt warning you about trusting the certificate? [image: image] https://user-images.githubusercontent.com/5480153/45396550-0cb90d00-b5f1-11e8-99ff-985dcfac263b.png

4. Do you have a value for the property "UserSecretsId" in the web project? 5. Please run the following commands and share with me the results: - dotnet dev-certs https --trust --check - echo Trust check: %errorlevel% - dotnet dev-certs https --trust -ep "%APPDATA%\ASP.NET\https{WebAppName}.pfx" -p TestPassword - echo Trust/Export: %errorlevel% - cd "{Directory where your .csproj lives}" - dotnet user-secrets set Kestrel:Certificates:Development:Password TestPassword 6. In your current user certificate store, do you have a certificate named "ASP.NET Core HTTP development certificate" with the following properties? [image: image] https://user-images.githubusercontent.com/5480153/45396482-acc26680-b5f0-11e8-9d0a-4cd83445d712.png It should be both under "Personal" and "Trusted Root Certification Authorities". @arebelong https://github.com/arebelong https://github.com/arebelong I have a question about your repro steps, when you created a project while enabling docker support in VS 15.8, did you get a docker-compose project? Or you had to add it using the context-menu -> Add Container Orchestrator support? — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#99 (comment) https://github.com/Microsoft/DockerTools/issues/99#issuecomment-420481725>, or mute the thread https://github.com/notifications/unsubscribe-auth/AKlKmGgHWlpnZUFQQ7iHk8l4Mvz9inoEks5uaGSsgaJpZM4T2DOZ .

The Issued To and Issued By will be localhost but the Friendly Name will be ASP.NET Core HTTPS Development certificate

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/Microsoft/DockerTools/issues/99#issuecomment-422713497, or mute the thread https://github.com/notifications/unsubscribe-auth/AKlKmHSAz8y40QqwjZpTdmOObRSLNwuPks5ucgSQgaJpZM4T2DOZ .

[arielmoraes]

Sorry for the late response, but it seems that the certificate is not being created in the correct folder, in my machine when I start a new project using HTTPS the folder which is expected to contain the certificate is empty.

When we run dev-certs to create a certificate it creates a general development certificate as I can tell, when we use HTTPS with docker what is the expected flow? Does each application need its own certificate thus the examples here are always like applicationName.pfx?

[haniamr]

@krotkiske thanks for your feedback, I believe your issue might be permissions related, how different is the machine configuration (i.e. domain joined or not, user accounts, etc.) where it doesn't work and the one it does?

@MarkDixonTech thanks for pointing that out, it depends on where your %APPDATA% points but the roaming folder shouldn't be a problem, I've tested it on both roaming and local and it works fine on my machine.

@arielmoraes thanks for getting back on this, I've explained the whole scenario in this comment for what the tooling is attempting to do, it's a bit different from the normal dev-certs scenario for a vanilla ASP.NET 2.1 app since we have to export the certificate and volume mount it in the container.

Since the issue is not reproducible on my setup, please feel free to drop me an email and I'll be happy to arrange a Skype call and troubleshoot the issue further on your machine.

[mparker]

While trying to figure out problems trying to run a Service Fabric project locally (no docker involved), I came across this thread. I got past it and thought I'd add my comment, in case it helps anyone.

The fix for me was to create a new user account with no spaces in the name. I'm guessing that whatever commands that are run in the background don't use quotes around the path, so references to %APPDATA% fail.

[gianlazz]

I would also like to chime in and report that I've followed along with the instructions and am still at a blocking point in development on this issue with VS 15.8.6

[RicardoArndt]

Hello guys, i'm brazilian sorry my english. I resolve my problem creating new account in windows but not with spaces in account name, the folder "Users/{yourname}" not have spaces example "Ricardo Arndt" -> Error, "RicardoArndt" -> OK

[bwateratmsft]

@RicardoArndt, @mparker This is very helpful info. I found where the bug might be, we did a separate fix that is going into VS15.9 that I suspect may have also fixed this issue. If you are able, can you try the latest 15.9 Preview build from here? You can install it side-by-side with your existing install, and remove it if you no longer need it.

[PrefixAM]

VS 15.8.7, .Net core 2.1. Had "cannot find container to attach" issue. Container related issue was resolved by moving the project from the subfolder to a root level, Debug, then moving back (as it described here: https://developercommunity.visualstudio.com/content/problem/314882/single-project-docker-experience-breaks-if-using-s.html ) Once it was fixed, got certificate related issue. Tried to delete \ regenerate certificate, delete various temporary folders. Fixed the issue by right click on the project -> Manage User Secrets. It created an empty secrets.json file. Then just ran Debug and the issue is gone. A certificate was added, also VS has added "Kestrel:Certificates:Development:Password" into secrets.json.

[leandroferreira1985]

@krotkiske I was facing the same issue here. I solved it changing my user's folder name (C:\Users\UserName). The folder had a "space" character, for example: C:\Users**User Name. Once I replace the folder's name to C:\Users\UserName** the Visual Studio was able to generate the certificate automatically. Take a look in the physical path for %APPDATA%, it will start at C:\Users.... and verify if your user contains space or other special character. Is it is the case, this video explain how to rename the folder correctly. If you are using Docker for Windows, maybe will be necessary reset credentials at "Shared Drivers" and restart Docker. Hope it helps.