Error when using custom HTTPS certificate from pem file #40020
Comments
You'll want to get an X509Certificate2 using this API: https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.x509certificate2.createfrompemfile?view=net-6.0 and then pass that to Kestrel in
Yes, that is the API I'm using to create the X509Certificate2. If you check the sample project attached, it has the code to recreate this issue.

    using System.Security.Cryptography.X509Certificates;

    var builder = WebApplication.CreateBuilder(args);
    builder.WebHost.ConfigureKestrel(options =>
    {
        options.ConfigureHttpsDefaults(httpsOptions =>
        {
            var certPath = Path.Combine(builder.Environment.ContentRootPath, "certificate", "demo-cert.pem");
            var keyPath = Path.Combine(builder.Environment.ContentRootPath, "certificate", "demo-key.pem");
            httpsOptions.ServerCertificate = X509Certificate2.CreateFromPemFile(certPath, keyPath);
        });
    });
    var app = builder.Build();
    app.MapGet("/", () => "Hello World!");
    app.Run();
Since you suggested the UseHttps extension method, I tried that as well; still, the same exception is thrown.

    using System.Security.Cryptography.X509Certificates;

    var builder = WebApplication.CreateBuilder(args);
    builder.WebHost.ConfigureKestrel(options =>
    {
        var certPath = Path.Combine(builder.Environment.ContentRootPath, "certificate", "demo-cert.pem");
        var keyPath = Path.Combine(builder.Environment.ContentRootPath, "certificate", "demo-key.pem");
        options.ConfigureEndpointDefaults(l => l.UseHttps(X509Certificate2.CreateFromPemFile(certPath, keyPath)));
    });
    var app = builder.Build();
    app.MapGet("/", () => "Hello World!");
    app.Run();
I've got the same issue when I create a pem certificate with separate key file using mkcert.

Thanks for contacting us.
Here's another blog post basically talking about this exact scenario/error: https://www.scottbrady91.com/c-sharp/pem-loading-in-dotnet-core-and-dotnet and why it fails; there's an issue with ephemeral keysets on Windows, I guess: dotnet/runtime#45680. Looks like this is worked around by using the configuration loader:
Interesting workaround. Unfortunately, it doesn't work when you want to load a full certificate chain, as you would manually import the pem file into an

Closing this issue since this is external to us. dotnet/runtime#23749 is the root cause.
Is there an existing issue for this?
Describe the bug
I have configured my application to load a custom HTTPS certificate from a PEM file on disk. The server starts up ok but when I navigate to the URL, it throws the following exception:
no credentials are available in the security package
This is minimal code to reproduce this issue:
custom-certificate-https.zip
However, if I use the same pem file and configure it with appsettings.json, it works fine. Also, if I export this as a pfx and reimport it, it works fine as well.
Expected Behavior
The webserver to use the pem files to serve HTTPS connections
Steps To Reproduce
No response
Exceptions (if any)
.NET Version
6.0.100
Anything else?
Operating system: Windows 11 - 22000.469
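
The PFX export and re-import mentioned in the report, written out as an added example (not code from this issue or from ASP.NET Core). `LoadServerCertificate` is a hypothetical helper, the file names are the ones from the reproducer above, and the code assumes .NET 6 with implicit usings; on Windows the re-import gives the certificate a private key that SChannel can use, instead of the ephemeral key that `CreateFromPemFile` produces.

```csharp
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

var builder = WebApplication.CreateBuilder(args);

builder.WebHost.ConfigureKestrel(options =>
{
    options.ConfigureHttpsDefaults(httpsOptions =>
    {
        // Same layout as the reproducer: <content root>/certificate/demo-*.pem
        var dir = Path.Combine(builder.Environment.ContentRootPath, "certificate");
        httpsOptions.ServerCertificate = LoadServerCertificate(
            Path.Combine(dir, "demo-cert.pem"),
            Path.Combine(dir, "demo-key.pem"));
    });
});

var app = builder.Build();
app.MapGet("/", () => "Hello World!");
app.Run();

// Hypothetical helper: loads a PEM certificate/key pair and, on Windows,
// round-trips it through PKCS#12 so the private key is no longer ephemeral.
static X509Certificate2 LoadServerCertificate(string certPath, string keyPath)
{
    var pemCert = X509Certificate2.CreateFromPemFile(certPath, keyPath);

    // Other platforms do not go through SChannel, so the PEM-loaded
    // certificate can be handed to Kestrel directly.
    if (!OperatingSystem.IsWindows())
    {
        return pemCert;
    }

    using (pemCert)
    {
        // The exported blob contains the unencrypted private key: keep it
        // in memory only and wipe the buffer as soon as it has been imported.
        byte[] pfx = pemCert.Export(X509ContentType.Pkcs12);
        try
        {
            return new X509Certificate2(pfx);
        }
        finally
        {
            CryptographicOperations.ZeroMemory(pfx);
        }
    }
}
```

The returned certificate owns its key handle, so it should live for as long as the server does and be disposed on shutdown.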