- Garcia's Guide to the Galaxy
- Asp.NET Self-Signed Certificates and Fedora
Today I spent a bit of time fighting with certificates in an ASP.NET application I’m working on. The scenario is we have Blazor Server communicating with a Minimal API. Debugging locally I was struggling to get the two to communicate, with errors like:
The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot
Now I’d followed the instructions to install the self-signed developer certificate on Linux with no change in behaviour. Turns out the distribution I’m using for work, Fedora, does things a little bit differently. The gory details can be found on this GitHub issue but the solution for me was found in this particular comment. I’m sharing the script here for posterity’s sake.
dnf list installed nss-tools >/dev/null 2>&1 || (echo "Installing dependencies." && \ sudo dnf install -y nss-tools) echo "Exporting developer certificate." DEV_CERT="$HOME/aspnet-$USER.pem" dotnet dev-certs https -ep "$DEV_CERT" --format PEM CERT_DB=$(echo "$HOME/.mozilla/firefox/*.default-release") [ -d "$CERT_DB" ] && echo "Adding certificate to Firefox default profile certificates." && \ certutil -d "$CERT_DB" -A -t "C,," -n localhost -i "$DEV_CERT" CERT_DB="$HOME/.pki/nssdb" [ -d "$CERT_DB" ] && echo "Adding certificate to Edge/Chrome certificates." && \ certutil -d "$CERT_DB" -A -t "C,," -n localhost -i "$DEV_CERT" echo "Adding certificate to System certificates." sudo cp "$DEV_CERT" /etc/pki/tls/certs sudo update-ca-trust rm "$DEV_CERT"
For the inexperienced Linux user:
chmod +x my-script.sh
© Copyright 2023
Last updated Sunday, 22/Jan/2023 09:24 AEST