[Https][Tooling] Add digital signature to the KeyUsage of the HTTPS dev-cert #9293

Merged
merged 3 commits into from
Apr 12, 2019

Conversation

javiercn
Member

No description provided.

Add digital signature to the KeyUsage of the HTTPS dev-cert
@javiercn javiercn marked this pull request as ready for review April 11, 2019 18:54
@Eilon Eilon added the area-commandlinetools Includes: Command line tools, dotnet-dev-certs, dotnet-user-jwts, and OpenAPI label Apr 11, 2019
Contributor

@analogrelay analogrelay left a comment

Looks OK to me. If the user had the previous cert installed, what process would they go through to update it? Will the first-run experience attempt to auto-upgrade the cert?

@javiercn
Member Author

javiercn commented Apr 12, 2019

No, they will have to remove the old cert from the store and then recreate it.

We don’t want this to affect people with existing certs that don’t need it.

Especially if they trusted the cert already (it would require them to trust it again).

If we see that this becomes a problem, then we can think of auto-upgrading.

@analogrelay
Contributor

My concern is that if you're running Windows 10, you'll reboot one day and your ASP.NET Core app will be broken, even if you're up-to-date on the latest SDK. That's a bad experience.

@javiercn javiercn merged commit f934bfa into master Apr 12, 2019
@javiercn javiercn deleted the javiercn/https-devcert-key-usage branch April 12, 2019 07:28
@javiercn
Member Author

@anurse The counterpoint is that if we upgrade it automatically, then you install a new SDK in your box and it breaks the trust relationship with your cert. (And we can't remove things from the trust store without prompting, which is also annoying.)

The certs last for 1 year and they get automatically renewed after that, so when it's time you'll get an updated cert.

Let's see if this becomes a problem and then we can decide what to do.

@analogrelay
Contributor

Fair points, I'm fine getting customer feedback on this :)
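
Since existing certs are not upgraded automatically, a developer may want to check whether an installed dev cert already carries digitalSignature in its KeyUsage. The C# check below is an added example, not code from this pull request or from the ASP.NET Core repository. It assumes the dev cert sits in the CurrentUser\My store with subject CN=localhost; the two sample certs are constructed in-process.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class DevCertKeyUsageCheck
{
    // True when the KeyUsage extension (OID 2.5.29.15) includes digitalSignature.
    // A cert with no KeyUsage extension is unrestricted, so it also passes.
    static bool AllowsDigitalSignature(X509Certificate2 cert)
    {
        var ku = cert.Extensions["2.5.29.15"] as X509KeyUsageExtension;
        return ku == null || (ku.KeyUsages & X509KeyUsageFlags.DigitalSignature) != 0;
    }

    // Constructed sample: self-signed CN=localhost cert with the given KeyUsage flags.
    static X509Certificate2 MakeSample(X509KeyUsageFlags usages)
    {
        using (var rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=localhost", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            req.CertificateExtensions.Add(new X509KeyUsageExtension(usages, true));
            return req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(1));
        }
    }

    static void Main()
    {
        // Constructed inputs, not real dev certs.
        Console.WriteLine("sample, keyEncipherment only: digitalSignature={0}",
            AllowsDigitalSignature(MakeSample(X509KeyUsageFlags.KeyEncipherment)));
        Console.WriteLine("sample, keyEncipherment+digitalSignature: digitalSignature={0}",
            AllowsDigitalSignature(MakeSample(
                X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DigitalSignature)));

        // Assumption: store location and subject as stated in the lead-in.
        // Other CN=localhost certs in the store are listed too.
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            var found = store.Certificates.Find(
                X509FindType.FindBySubjectDistinguishedName, "CN=localhost", false);
            foreach (var cert in found)
                Console.WriteLine("{0} expires {1:yyyy-MM-dd} digitalSignature={2}",
                    cert.Thumbprint, cert.NotAfter, AllowsDigitalSignature(cert));
        }
    }
}
```

A cert reported with `digitalSignature=False` is one that, per the thread above, would have to be removed from the store and recreated to pick up the new KeyUsage.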

4 participants