'dotnet dev-certs certificate not trusted
I am working through Adam Freeman's book "Pro ASP.Net Core 3". I have gotten to the introduction to https. He instructs us to use Powershell and run these commands in this order
dotnet dev-certs https --clean
dotnet dev-certs https --trust
When I run the clean command, I get a message saying
"HTTPS development certificates successfully removed from the machine."
But when I run the trust command, I get:
"A valid HTTPS certificate with a key accessible across security partitions was not found. The following command will run to fix it: 'sudo security set-key-partition-list -D localhost -S unsigned:,teamid:UBF8T346G9' This command will make the certificate key accessible across security partitions and might prompt you for your password. For more information see: https://aka.ms/aspnetcore/2.1/troubleshootcertissues
A valid HTTPS certificate with a key accessible across security partitions was not found. The following command will run to fix it: 'sudo security set-key-partition-list -D localhost -S unsigned:,teamid:UBF8T346G9' This command will make the certificate key accessible across security partitions and might prompt you for your password. For more information see: https://aka.ms/aspnetcore/3.1/troubleshootcertissues
Trusting the HTTPS development certificate was requested. A confirmation prompt will be displayed if the certificate was not previously trusted. Click yes on the prompt to trust the certificate. There was an error trusting HTTPS developer certificate."
I tried
- running
dotnet dev-certs httpsresults in "A valid HTTPS certificate is already present." - running powershell as administrator. But I got the same errors. The book says I may get a couple of dialog boxes, but I did not get them.
dotnet --versiongives me 3.1.200.
What do I have to do to get the certificate to work?
Solution 1:[1]
Ok...I found a MAC super hint at the github link below.
(It ~might translate to the PC side...but I cannot test that)
https://github.com/dotnet/sdk/issues/10422
Encountered the same issue on macOS. As a solution, in the keychain, remove the old localhost certificate under 'System' and recreate it via the dotnet commands described in the docs. It will be placed under 'login'.
So to better describe the above quote, I've added a screen shot here (image below with the magenta/fuchsia/pinkish circles), to provide a "here is where it is on the Mac".....of what the text above describes..
So my steps were:
dotnet dev-certs https --clean
dotnet dev-certs https --check
// (DO THE MANUAL keychain-old-localhost removal NOW (image below)
// (before running the below terminal commands)
dotnet dev-certs https --check
dotnet dev-certs https
dotnet dev-certs https --trust
Solution 2:[2]
What do I have to do to get the certificate to work?
For some reason, dotnet CLI might throw exception while we use dotnet dev-certs https --trust command to trust the HTTPS development certificate.
As a workaround, we can try following steps to manually trust the certificate.
Run
dotnet dev-certs httpscommand to generate a HTTPS certificate (if you do not generate it)Copy the certificate with the ASP.NET Core HTTPS development certificate friendly name by copying from Current User > Personal > Certificates into Current User > Trusted root certification authorities > Certificates within the certificate manager UI, like below.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | surfmuggle |
| Solution 2 | Fei Han |