Configure a self-signed certificate in Ubuntu to allow HTTPS access with an ASP.NET Core 2.1 application

1. Create an asp.net core project as usual and check if you have access using HTTPS.

    dotnet new web -o Sample
    cd Sample
    dotnet restore
    dotnet run
   

   1.1. Navigate to https://localhost:5001. Can you read the message Hello World!? Congrats, you can stop reading this guide. If Firefox shows you a Secure Connection Failed message or you have an error message in console like this:

    dbug: HttpsConnectionAdapter[1]
    Failed to authenticate HTTPS connection.
    System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Interop+Crypto+OpenSslCryptographicException: error:2006D002:BIO routines:BIO_new_file:system lib
   

   Keep reading.

2. Install ca-certificates and openssl packages

    sudo apt-get install ca-certificates openssl
   

3. Genereate the .pfx certificate with dotnet command [1]

    dotnet dev-certs https -ep ${HOME}/.aspnet/https/aspnetapp.pfx -p crypticpassword
   

4. Extract the .crt file [2]

    cd ${HOME}/.aspnet/https/
    openssl pkcs12 -in aspnetapp.pfx -nocerts -out aspnetapp.pfx
    openssl pkcs12 -in aspnetapp.pfx -clcerts -nokeys -out aspnetapp.crt
   

5. Copy the .crt file to the certificates location [3]

    sudo cp aspnetapp.crt /usr/local/share/ca-certificates/
   

6. Change the permissions to allow to read the certificate [4]

    sudo chmod +r /usr/local/share/ca-certificates/*
   

7. Run the application again and check the https address

    dotnet run
   

Navigate to https://localhost:5001. If you have any error, you can check the links below to know more about each step.

References

[1] https://github.com/dotnet/dotnet-docker/blob/master/samples/aspnetapp/aspnetcore-docker-https.md

[2] https://www.markbrilman.nl/2011/08/howto-convert-a-pfx-to-a-seperate-key-crt-file/

[3] https://stackoverflow.com/a/44160125

[4] https://github.com/dotnet/cli/issues/9376#issuecomment-393954876