VS2017 Docker debugging failed: Failed to create the certificate

[MichaelSL]

Created new NET Core MVC application on clean installed Windows 10 Pro 1803.

Trying to start debugging and get: Adding the certificate to the Trusted Root Certficates store failed with the following error: Failed to create the certificate.

Already created a local account, removed %userprofile%\vsdbg and %userprofile%\onecoremsvsmon

VS info:

Version 15.8.0 Preview 1.0
VisualStudio.15.Preview/15.8.0-pre.1.0+27705.0
Microsoft .NET Framework
Version 4.7.03056

Installed Version: Community

Application Insights Tools for Visual Studio Package   8.12.10405.1
Application Insights Tools for Visual Studio

ASP.NET and Web Tools 2017   15.0.40502.0
ASP.NET and Web Tools 2017

ASP.NET Core Razor Language Services   15.7.31476
Provides languages services for ASP.NET Core Razor.

ASP.NET Web Frameworks and Tools 2017   5.2.60419.0
For additional information, visit https://www.asp.net/

Azure App Service Tools v3.0.0   15.0.40424.0
Azure App Service Tools v3.0.0

Azure Data Lake Node   1.0
This package contains the Data Lake integration nodes for Server Explorer.

Azure Data Lake Tools for Visual Studio   2.3.3000.2
Microsoft Azure Data Lake Tools for Visual Studio

Azure Functions and Web Jobs Tools   15.0.40424.0
Azure Functions and Web Jobs Tools

Azure Stream Analytics Tools for Visual Studio   2.3.3000.2
Microsoft Azure Stream Analytics Tools for Visual Studio

C# Tools   2.8.0-beta6-62830-08. Commit Hash: e595ee276d14e14bfb3eb323fb57f2aa668bddea
C# components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.

Common Azure Tools   1.10
Provides common services for use by Azure Mobile Services and Microsoft Azure Tools.

Fabric.DiagnosticEvents   1.0
Fabric Diagnostic Events

GitHub.VisualStudio   2.2.0.10
A Visual Studio Extension that brings the GitHub Flow into Visual Studio.

JavaScript Language Service   2.0
JavaScript Language Service

Microsoft Azure HDInsight Azure Node   2.3.3000.2
HDInsight Node under Azure Node

Microsoft Azure Hive Query Language Service   2.3.3000.2
Language service for Hive query

Microsoft Azure Service Fabric Tools for Visual Studio   2.1
Microsoft Azure Service Fabric Tools for Visual Studio

Microsoft Azure Stream Analytics Language Service   2.3.3000.2
Language service for Azure Stream Analytics

Microsoft Azure Stream Analytics Node   1.0
Azure Stream Analytics Node under Azure Node

Microsoft Azure Tools   2.9
Microsoft Azure Tools for Microsoft Visual Studio 2017 - v2.9.10420.2

Microsoft Continuous Delivery Tools for Visual Studio   0.3
Simplifying the configuration of continuous build integration and continuous build delivery from within the Visual Studio IDE.

Microsoft JVM Debugger   1.0
Provides support for connecting the Visual Studio debugger to JDWP compatible Java Virtual Machines

Microsoft Library Manager   1.0
Install client-side libraries easily to any web project

Microsoft MI-Based Debugger   1.0
Provides support for connecting Visual Studio to MI compatible debuggers

Microsoft Visual Studio Tools for Containers   1.1
Develop, run, validate your ASP.NET Core applications in the target environment. F5 your application directly into a container with debugging, or CTRL + F5 to edit & refresh your app without having to rebuild the container.

NuGet Package Manager   4.6.0
NuGet Package Manager in Visual Studio. For more information about NuGet, visit http://docs.nuget.org/.

ProjectServicesPackage Extension   1.0
ProjectServicesPackage Visual Studio Extension Detailed Info

ResourcePackage Extension   1.0
ResourcePackage Visual Studio Extension Detailed Info

SQL Server Data Tools   15.1.61804.210
Microsoft SQL Server Data Tools

Syntax Visualizer   1.0
An extension for visualizing Roslyn SyntaxTrees.

ToolWindowHostedEditor   1.0
Hosting json editor into a tool window

TypeScript Tools   15.7.20419.2003
TypeScript Tools for Microsoft Visual Studio

Visual Basic Tools   2.8.0-beta6-62830-08. Commit Hash: e595ee276d14e14bfb3eb323fb57f2aa668bddea
Visual Basic components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.

Visual F# Tools 10.1 for F# 4.1   15.7.0.0.  Commit Hash: 16ecf5a30ad868d183c58e4a71a71c23d4ed3ba9.
Microsoft Visual F# Tools 10.1 for F# 4.1

Visual Studio Code Debug Adapter Host Package   1.0
Interop layer for hosting Visual Studio Code debug adapters in Visual Studio

Visual Studio Tools for Containers   1.0
Visual Studio Tools for Containers`

[devr24]

I am also having this issue in VS2017.

Taken from Output window (Docker):

========== Pulling Images ==========
Pulling missing Docker images. To cancel this download, close the command prompt window. To disable image auto-pull, see Tools > Options > Container Tools.
docker pull gcr.io/google-appengine/aspnetcore:2.1
docker pull completed
========== Debugging ==========
docker-compose  -f "C:\Users\sp4_rm\Desktop\Mb CODE\Mb.Platform.WebApi\src\docker-compose.yml" -f "C:\Users\sp4_rm\Desktop\Mb CODE\Mb.Platform.WebApi\src\obj\Docker\docker-compose.vs.debug.g.yml" -p dockercompose16382350260440979265 --no-ansi config
The DOCKER_REGISTRY variable is not set. Defaulting to a blank string.
services:
  mb.platform.webApi:
    build:
      context: C:\Users\sp4_rm\Desktop\Mb CODE\Mb.Platform.WebApi\src
      dockerfile: Mb.Platform.WebApi/Dockerfile
    entrypoint: tail -f /dev/null
    environment:
      ASPNETCORE_ENVIRONMENT: Development
      ASPNETCORE_HTTPS_PORT: '44335'
      ASPNETCORE_URLS: https://+:443;http://+:80
      DOTNET_USE_POLLING_FILE_WATCHER: '1'
      NUGET_FALLBACK_PACKAGES: /root/.nuget/fallbackpackages
    image: mbplatformapi:dev
    labels:
      com.microsoft.visualstudio.debuggee.arguments: ' --additionalProbingPath /root/.nuget/packages
        --additionalProbingPath /root/.nuget/fallbackpackages  bin/Debug/netcoreapp2.1/Mb.Platform.WebApi.dll'
      com.microsoft.visualstudio.debuggee.killprogram: /bin/bash -c "if PID=$$(pidof
        -x dotnet); then kill $$PID; fi"
      com.microsoft.visualstudio.debuggee.program: dotnet
      com.microsoft.visualstudio.debuggee.workingdirectory: /app
    ports:
    - published: 52645
      target: 80
    - published: 44335
      target: 443
    volumes:
    - C:\Users\sp4_rm\Desktop\Mb CODE\Mb.Platform.WebApi\src\Mb.Platform.WebApi:/app:rw
    - C:\Users\sp4_rm\vsdbg\vs2017u5:/remote_debugger:ro
    - C:\Users\sp4_rm\AppData\Roaming\ASP.NET\Https:/root/.aspnet/https:ro
    - C:\Users\sp4_rm\AppData\Roaming\Microsoft\UserSecrets:/root/.microsoft/usersecrets:ro
    - C:\Program Files\dotnet\sdk\NuGetFallbackFolder:/root/.nuget/fallbackpackages:ro
    - C:\Users\sp4_rm\.nuget\packages:/root/.nuget/packages:ro
version: '3.4'
docker ps --filter "status=running" --filter "name=dockercompose16382350260440979265_mb.platform.webApi_" --format {{.ID}} -n 1
58b173a7188b

Build succeeded and then the Docker stuff failed.

VS version: 15.8.4

[marriottr]

Everything was good for me until I installed VS2019 V16.0.0 Preview 1.0. Now I get this problem in VS2017 as well and can no longer run any netcore web project.

...

However this worked for me. https://www.hanselman.com/blog/DevelopingLocallyWithASPNETCoreUnderHTTPSSSLAndSelfSignedCerts.aspx

[Zenexer]

Can confirm this error appears if VS2019 preview is installed. Can't find a way around it. I think when I run dotnet, it's the 2.2 3.0 preview that's being invoked, and of course that cert is already trusted.

Edit: Said 2.2 preview initially; meant 3.0

[Zenexer]

I've uninstalled VS2019, uninstalled every version of .NET Core SDK, reinstalled the latest stable verison of .NET Core SDK, and still I get this error. I can't figure out the issue. The certificate gets installed just fine--Visual Studio gives an error regardless. Even if it's already installed, nope, error.

[marriottr]

Yes with 2019 preview installed.

On Wed, 23 Jan 2019, 01:51 Paul Buonopane <notifications@github.com wrote:

Can confirm this error appears if VS2019 preview is installed. Can't find a way around it. I think when I run dotnet, it's the 2.2 preview that's being invoked, and of course that cert is already trusted.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/Microsoft/DockerTools/issues/99#issuecomment-456637037, or mute the thread https://github.com/notifications/unsubscribe-auth/AGm4Wep4eJ0rDpksdu_46rJRppSXJlREks5vF8AJgaJpZM4T2DOZ .

[Zenexer]

I've opened a bug report in the Visual Studio Developer Community regarding side-by-side installation of VS15 and VS16: https://developercommunity.visualstudio.com/content/problem/435856/side-by-side-installation-with-visual-studio-2019.html

[Zenexer]

First attempt the following:

1. Right-click on your ASP.NET Core project in Solution Explorer.
2. Choose Manage User Secrets.
3. secrets.json will open. There should be a Kestrel:Certificates:Development:Password key. If there isn't, you found the culprit. Save your project, close secrets.json, and run the project. The entry should now be added to secrets.json automatically.

If that doesn't work, you'll need to fully restore VS15. This isn't really a workaround since it doesn't permit usage of VS16, but if you'd like to get VS15 working again, it will do the trick:

1. Uninstall both Visual Studio 2017 and Visual Studio 2019 Preview.
2. In an administrative PowerShell terminal, run dotnet nuget locals all --clear and nuget locals all --clear. The latter won't succeed if you don't have NuGet installed separately, but either one should theoretically be sufficient, so you can ignore the error.
3. Uninstall all versions of .NET Core, both preview and stable releases.
4. Reboot.
5. Double-check Program Files for any NuGet, Visual Studio, and .NET Core artifacts. Delete anything you find.
6. Install Visual Studio 2017.
7. If the version of .NET Core installed with Visual Studio 2017 doesn't match the version your project requires, additionally install both the x64 and x86 .NET Core SDKs for the corresponding stable version. They're separate installers; make sure you get both unless your solution only supports one architecture.

[SychevIgor]

The same issue for me: But it's not working for a one project, but if I will a new project- it will work. Running under administrator- didn't solve the issue. I had never try vs 2019 previews or rtm on this machine.

Microsoft Visual Studio Professional 2017 Version 15.9.7 VisualStudio.15.Release/15.9.7+28307.423 Microsoft .NET Framework Version 4.7.03190

Installed Version: Professional

Application Insights Tools for Visual Studio Package 8.14.20131.1 Application Insights Tools for Visual Studio

ASP.NET and Web Tools 2017 15.9.04012.0 ASP.NET and Web Tools 2017

ASP.NET Core Razor Language Services 15.8.31590 Provides languages services for ASP.NET Core Razor.

ASP.NET Web Frameworks and Tools 2017 5.2.60913.0 For additional information, visit https://www.asp.net/

Azure App Service Tools v3.0.0 15.9.03024.0 Azure App Service Tools v3.0.0

Azure Functions and Web Jobs Tools 15.9.02046.0 Azure Functions and Web Jobs Tools

Azure Kubernetes Service Publish Tools (Preview) 1.0 Tools for configuring and publishing to Azure Kubernetes Services

C# Tools 2.10.0-beta2-63501-03+b9fb1610c87cccc8ceb74a770dba261a58e39c4a C# components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.

Common Azure Tools 1.10 Provides common services for use by Azure Mobile Services and Microsoft Azure Tools.

Fabric.DiagnosticEvents 1.0 Fabric Diagnostic Events

JavaScript Language Service 2.0 JavaScript Language Service

Microsoft Azure Service Fabric Tools for Visual Studio 2.4 Microsoft Azure Service Fabric Tools for Visual Studio

Microsoft Azure Tools 2.9 Microsoft Azure Tools for Microsoft Visual Studio 2017 - v2.9.0.0

Microsoft Continuous Delivery Tools for Visual Studio 0.4 Simplifying the configuration of Azure DevOps pipelines from within the Visual Studio IDE.

Microsoft JVM Debugger 1.0 Provides support for connecting the Visual Studio debugger to JDWP compatible Java Virtual Machines

Microsoft Library Manager 1.0 Install client-side libraries easily to any web project

Microsoft MI-Based Debugger 1.0 Provides support for connecting Visual Studio to MI compatible debuggers

Microsoft Visual Studio Tools for Containers 1.1 Develop, run, validate your ASP.NET Core applications in the target environment. F5 your application directly into a container with debugging, or CTRL + F5 to edit & refresh your app without having to rebuild the container.

NuGet Package Manager 4.6.0 NuGet Package Manager in Visual Studio. For more information about NuGet, visit http://docs.nuget.org/.

ProjectServicesPackage Extension 1.0 ProjectServicesPackage Visual Studio Extension Detailed Info

ResourcePackage Extension 1.0 ResourcePackage Visual Studio Extension Detailed Info

ResourcePackage Extension 1.0 ResourcePackage Visual Studio Extension Detailed Info

SQL Server Data Tools 15.1.61901.24070 Microsoft SQL Server Data Tools

TypeScript Tools 15.9.20918.2001 TypeScript Tools for Microsoft Visual Studio

Visual Basic Tools 2.10.0-beta2-63501-03+b9fb1610c87cccc8ceb74a770dba261a58e39c4a Visual Basic components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.

Visual F# Tools 10.2 for F# 4.5 15.8.0.0. Commit Hash: 6e26c5bacc8c4201e962f5bdde0a177f82f88691. Microsoft Visual F# Tools 10.2 for F# 4.5

Visual Studio Code Debug Adapter Host Package 1.0 Interop layer for hosting Visual Studio Code debug adapters in Visual Studio

Visual Studio Tools for Containers 1.0 Visual Studio Tools for Containers

Visual Studio Tools for Kubernetes 1.0 Visual Studio Tools for Kubernetes

[danielwgrech]

It's happening on my machine and also on 2 of my other colleagues'. We have a .Net Core 2.2 application, and the issue is only when we run it in Docker through Visual Studio 2017 (v15.9.7). We've deleted the "localhost" certificate from both the "Trusted Root Certification Authorities" and "Personal" folders. Visual Studio then prompts to install and trust the certificates, and it seems to do so successfully (I can find the "localhost" certificate again in both places), but then gives the error:

"Adding the certificate to the Trusted Root Certificates store failed with the following error: Failed to create the certificate."

I noticed that Visual Studio is creating a "UserSecretsId" property under "PropertyGroup" in the project file, which my colleagues don't have. How is this secret supposed to make sense for everyone working on the project? And what is its purpose?

While writing this comment, I went to run it again, and it actually worked somehow. All I did was comment/uncomment the "UserSecretsId" part, which makes no sense. In the meantime, my colleagues tried the same procedure and do not have a "UserSecretsId" at all.

Also, I've never had VS2019 installed.

[grmallon]

I ran into this for the past few hours following an update to W10 1809 from W10 build 10240. While I was eventually able to get an app deployed, it still wasn't trusting the dev cert.

Upon a rollback to 10240, things are working properly in a non-docker Core 2.2 web app. Will need to try updating to 1709 or 1803 and see how things go.

[bwateratmsft]

I found one potential cause for this that would affect docker-compose applications in particular, but can affect others. Please note, this isn't the only possible cause for this error.

One of the steps in setting up the SSL certificate is telling Kestrel what the SSL certificate password is, via user secrets. The command we use is dotnet user-secrets set Kestrel:Certificates:Development:Password <randomGuid>

It will fail if there is more than one project file within the directory of the web app. For instance, if you chose "Put solution file and project file in same directory", and then added Compose support, you would have the dcproj and the csproj together in the same folder, and dotnet user-secrets gets confused. I've created a bug to address this particular case.

[jrafael83]

What I did to solve the issue was:

1. Delete the certificate from the Personal store.
2. Generate the certificate using dotnet dev-certs https --trust (it will throw the error)
3. Open MMC and add the Certificates snap-in (For Current User)
4. Export the Certificate and its Private Key to a PFX file (Use a password)
5. Install the PFX file to the Local Machine Certificates in Trusted Root Certification Authorities.

Then I tried to run the application and the error disappeared.

My Environment is: Windows 10, Visual Studio 2017 (15.9.12). Trying to run an MVC App with Docker Support.

[madslyng]

@haniamr

@albertusgouzalixrelements thanks for the confirmation, yes it will be fixed on the next release.

I'm having the same issue as described here and in https://github.com/Microsoft/DockerTools/issues/147

I'm running the latest version of Visual Studio 2019 16.1.2

I don't think it has been fixed.

[bwateratmsft]

@sonicjolt Can you share your solution or at least the general structure of it?

[madslyng]

@bwateratmsft Sorry for the late reply.

I started a new project today, based on Visual Studio 2019, ASP.NET Core 2.2.

My solution is a very basic solution with an ASP.NET Core Web Application project.

When I try to run it (with Docker = Linux), I get this error. I'm using Docker Desktop, running Linux Containers.

I've not added a single line of code. This is the basic setup from scaffolding.

Details:

• Visual Studio 16.1.6
• Docker Desktop 2.0.0.3 -- Engine 18.09.2
• ASP.NET Core 2.2

[bwateratmsft]

@sonicjolt What happens if you run "dotnet dev-certs https --trust" from a command line?

EDIT: or better yet, the commands from @haniamr in this comment: https://github.com/microsoft/DockerTools/issues/147#issuecomment-420433974

[madslyng]

Result of the command: Trusting the HTTPS development certificate was requested. A confirmation prompt will be displayed if the certificate was not previously trusted. Click yes on the prompt to trust the certificate. There was an error trusting HTTPS developer certificate.

On Thu, 18 Jul 2019 at 15:49, Brandon Waterloo [MSFT] < notifications@github.com> wrote:

@sonicjolt https://github.com/sonicjolt What happens if you run "dotnet dev-certs https --trust" from a command line?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/microsoft/DockerTools/issues/99?email_source=notifications&email_token=AARKDKNGJIBFIISAQPNHPWTQABYG5A5CNFSM4E6YGOM2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD2IRERI#issuecomment-512823877, or mute the thread https://github.com/notifications/unsubscribe-auth/AARKDKJPF267HZH7CQ4RIVLQABYG5ANCNFSM4E6YGOMQ .

[bwateratmsft]

@sonicjolt Can you try these:

1. dotnet dev-certs https --trust --check
2. echo Trust check: %errorlevel%
3. dotnet dev-certs https --trust -ep "%APPDATA%\ASP.NET\https\TestCert.pfx" -p TestPassword
4. echo Trust/Export: %errorlevel%

[daze99]

I also used to have this problem. This comment by @mparker fixed it for me.

[madslyng]

@sonicjolt Can you try these:

1. dotnet dev-certs https --trust --check
2. echo Trust check: %errorlevel%
3. dotnet dev-certs https --trust -ep "%APPDATA%\ASP.NET\https\TestCert.pfx" -p TestPassword
4. echo Trust/Export: %errorlevel%

@bwateratmsft

Microsoft Windows [Version 10.0.17134.885] (c) 2018 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>dotnet dev-certs https --trust --check

C:\WINDOWS\system32>echo Trust check: %errorlevel% Trust check: 7

C:\WINDOWS\system32>dotnet dev-certs https --trust -ep "%APPDATA%\ASP.NET\https\TestCert.pfx" -p TestPassword Trusting the HTTPS development certificate was requested. A confirmation prompt will be displayed if the certificate was not previously trusted. Click yes on the prompt to trust the certificate. There was an error trusting HTTPS developer certificate.

C:\WINDOWS\system32>echo Trust/Export: %errorlevel% Trust/Export: 4

[madslyng]

I also used to have this problem. This comment by @mparker fixed it for me.

@daze99 My username doesn't have spaces. But thanks.

[bwateratmsft]

@sonicjolt Those error codes correspond to: 7 = CertificateNotTrusted 4= ErrorTrustingTheCertificate Can you create an issue at https://github.com/aspnet/AspNetCore? The source for this tool is at https://github.com/aspnet/AspNetCore/tree/master/src/Tools/dotnet-dev-certs.

[bwateratmsft]

@sonicjolt Can you also run with dotnet dev-certs https --trust -v? This gives verbose output and might tell us what is actually wrong...

[AminSojoudi]

I have removed UserSecrets and now it's working, AppData\Roaming\Microsoft\UserSecrets

[vmahadev]

Created a simple MVC Project and added Google Authentication ClientID and Key Try to run the project

Adding the certificate to the Trusted Root Certificate store failed

Microsoft Visual Studio Community 2019 Version 16.7.1

Docker Desktop Version 2.3.0.4(46911) Stable Channel

dotnet dev-certs https --trust --check echo Trust check: %errorlevel% dotnet dev-certs https --trust -ep "%APPDATA%\ASP.NET\https\TestCert.pfx" -p TestPassword echo Trust/Export: %errorlevel%

The above commands produce

7 = CertificateNotTrusted 4= ErrorTrustingTheCertificate

Same errors unable to fix it. Any help is greatly appreciated.

[mattjbrent]

A mac user here on 8.9 Preview (community edition). We are developing a microservices infrastructure with .net 5 and docker support. Our team has decent experience in Docker and containerization - so this isnt just a docker newbie thing here.

There are a few things at play here for us. We were able to fix the issue by performing the previous mentioned step in this thread by setting the user secrets up for kestrel Note: you need to do this for every single project in a multi-project solution. That means each solution must have a .pfx cert matching (case sensitive) the name of the project and you must have dotnet store the user secrets that must be added.

These certs on your host machine get volume mounted into the docker containers (even if you dont specify it in your docker-compose file) auto-magically. Which is why, if they arent set up correctly, things dont work - even if you dont need them which is in our case.

So ensure that for each containerized project you are running you have:

• a cert in ~/.aspnet/https (on your host machine) that exactly matches the name of each project. If VS isnt auto-generating it you can run dotnet dev-certs https -ep ~/.aspnet/https/My.Cool.Project.pfx -p mypassword Keep in mind, the commonname in the cert will always be localhost
• each cert in ~/.aspnet/https has a corresponding user secret set in kestrel for the password for said .pfx cert. These can be found in ~/.microsoft/usersecrets where the name of the dir will match the GUID of the user secret.
• You can generate a user secret file by cd'ing into the project directory and running dotnet user-secrets set "Kestrel:Certificates:Development:Password" "mypassword" Ensure you have the user secret set in your csproj file. You can prefix the GUID with the project name to make it easier to see your certs in ~/.microsoft/usersecrets

The hugely frustrating thing about this is that if you want to handle certs yourself (for eg for full service-service encryption instead of TLS termination on your local then you still need to do this, even though the certs themselves arent used by the Kestrel server. Theres little documentation on what VS is doing and why. It also does a lot of 'magic' to the docker-compose and docker setup which is not clearly documented anywhere we could find, so it took a lot of effort for us to finally get the debug run working in visual studio for docker-compose.

If you are frustrated, you are not alone but you can get it working with a lot of work. More documentation on exactly how VS supports and runs docker would be helpful, and also not completely halting the build, just because an auto-generated cert wasn't trusted. This should all be configurable.

[freever]

@hbiarge thanks for sharing, if that's the case, then the error is expected since we use the UserSecretId to store the local certificate export password, so when trying to export it into the container it fails if that's not found.

This was the problem for me too - a better error message would have saved me a few hours of searching online

[fiveisprime]

Closing this since the debugging flow has changed and this should all be resolved. If you're still having issues or have suggestions on further improvements, open a new issue and reference this one.