Today I spent a bit of time fighting with certificates in an ASP.NET application I’m working on. The scenario is we have Blazor Server communicating with a Minimal API. Debugging locally I was struggling to get the two to communicate, with errors like:

The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot

Now I’d followed the instructions to install the self-signed developer certificate on Linux with no change in behaviour. Turns out the distribution I’m using for work, Fedora, does things a little bit differently. The gory details can be found on this GitHub issue but the solution for me was found in this particular comment. I’m sharing the script here for posterity’s sake.

#!/usr/bin/env bash
# Install certutil (part of nss-tools) if it is not already present.
dnf list installed nss-tools >/dev/null 2>&1 ||
  (echo "Installing dependencies." && \
  sudo dnf install -y nss-tools)

echo "Exporting developer certificate."
DEV_CERT="$HOME/aspnet-$USER.pem"
dotnet dev-certs https -ep "$DEV_CERT" --format PEM

# The glob must sit outside the quotes to expand; loop in case several profiles match.
for CERT_DB in "$HOME"/.mozilla/firefox/*.default-release; do
  [ -d "$CERT_DB" ] && echo "Adding certificate to Firefox default profile certificates." && \
    certutil -d "$CERT_DB" -A -t "C,," -n localhost -i "$DEV_CERT"
done

CERT_DB="$HOME/.pki/nssdb"
[ -d "$CERT_DB" ] && echo "Adding certificate to Edge/Chrome certificates." && \
  certutil -d "$CERT_DB" -A -t "C,," -n localhost -i "$DEV_CERT"

echo "Adding certificate to System certificates."
sudo cp "$DEV_CERT" /etc/pki/tls/certs
sudo update-ca-trust

rm "$DEV_CERT"

For the inexperienced Linux user:

  1. Copy the above lines into a new file with a .sh suffix (e.g. my-script.sh)
  2. Set permissions on the file to make it executable: chmod +x my-script.sh
  3. Run the script: ./my-script.sh
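
If the developer certificate is regenerated, the UntrustedRoot error returns because the copy the script placed in /etc/pki/tls/certs no longer matches. The following check is an added example, not part of the original script or the GitHub comment; the function names are hypothetical, and it assumes openssl is installed and that the trusted copy is a .pem file in that directory, as the script leaves it.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names); requires openssl.

# Print the SHA-256 fingerprint of a PEM certificate (empty if unreadable).
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# check_trusted_copy CURRENT_PEM TRUST_DIR
# Prints the matching file and returns 0 when a *.pem in TRUST_DIR is the
# same certificate as CURRENT_PEM; returns 1 on no match, 2 if CURRENT_PEM
# cannot be parsed.
check_trusted_copy() {
  local want have f
  want=$(cert_fingerprint "$1")
  [ -n "$want" ] || return 2
  for f in "$2"/*.pem; do
    [ -f "$f" ] || continue
    have=$(cert_fingerprint "$f")
    if [ "$have" = "$want" ]; then
      echo "$f"
      return 0
    fi
  done
  return 1
}

# Export the current developer certificate and compare it with the copies
# in the directory the script above writes to.
verify_dev_cert() {
  local dir tmp rc=0
  dir="${1:-/etc/pki/tls/certs}"
  tmp=$(mktemp -d) || return 2
  dotnet dev-certs https -ep "$tmp/current.pem" --format PEM >/dev/null
  check_trusted_copy "$tmp/current.pem" "$dir" || rc=$?
  rm -rf "$tmp"
  case $rc in
    0) echo "Trusted copy matches the current developer certificate." ;;
    1) echo "No matching copy in $dir: re-run the trust script." ;;
    *) echo "Could not export or parse the developer certificate." ;;
  esac
  return "$rc"
}

# Run only when asked, e.g.: ./check-dev-cert.sh --verify
if [ "${1:-}" = "--verify" ]; then verify_dev_cert; fi
```

A result of 1 also means any older aspnet-*.pem still sitting in the directory is a stale trusted certificate that can be deleted.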