Kestrel doesn't allow to use self-signed certificates.

[mikeon]

I want to secure connection in the intranet environment between local WebApi and desktop application. I cannot use official certificates, I will not use specific domain names, it will not be used online.

I've created self signed certificate using OpenSSL, added it to Trusted Root in Local Machine cert store and trying to use like before in .NET Core 2.1

public static IHostBuilder CreateHostBuilder(string[] args) =>
    Host.CreateDefaultBuilder(args)
      .ConfigureWebHostDefaults(builder=>
        {
          builder.UseKestrel(options=>
          {
            ...
            options.Listen(IPAddress.Any, port, listenOptions =>
              {
                listenOptions.UseHttps("localhost.pfx", password);
              });
          });
          builder.UseStartup<Startup>();
        });

I've got an error while trying to run it:

System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date. To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'. For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054. at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load() at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.ValidateOptions() at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication1 application, CancellationToken cancellationToken)
2021-08-20 08:50:40.073 +02:00 [FTL] Perseus Server API terminated unexpectedly
System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.`

---

So even I'm pointing to my certificate, Kestrel is complaining that it only understand one specific certificate. After digging into subject I'm came across this thread:
https://stackoverflow.com/questions/65947072/how-can-i-change-the-default-ssl-certificate-for-local-development-in-asp-net-co

Which explain that Kestrel is looking for special Oid number:

aspnetcore/src/Shared/CertificateGeneration/CertificateManager.cs

Line 83 in c4d043d

.Where(c => HasOid(c, AspNetHttpsOid));

---

[Tratcher]

That error isn't about your call to Listen, it says you have a different https endpoint defined in config that's missing a certificate. Remove that endpoint from config.

We also recommend replacing UseKestrel with ConfigureKestrel.

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment. If it is closed, feel free to comment when you are able to provide the additional information and we will re-investigate.

See our Issue Management Policies for more information.

[mikeon]

Ehh, completely omitted that. I will check it now and give feedback here.

EDIT: Works fine now. Thank you @Tratcher