I'm on a Mac and I cannot get dotnet to recognize my dev-cert, preventing me from running https on localhost.
When I run dotnet dev-certs https -c -v, I get back No valid certificate found.
But when I run dotnet dev-certs https --trust, I get back A valid HTTPS certificate is already present. Or after I've deleted my certs in the keychain I get The HTTPS developer certificate was generated successfully.
What would give these two commands different responses, why can one find it, and the other can't?
I've tried deleting the localhost certs in my keychain and regenerating them. I've tried that with 3 different major versions of the dotnet SDK. They generate just fine, but I always get the same result when running the aforementioned commands. I've tried running the dotnet certs https --clean command, but that doesn't actually work. I have to go into the keychain and delete them manually. I've tried uninstalling and reinstalling the dotnet-dev-certs tool with dotnet tool uninstall --global dotnet-dev-certs, but haven't had any luck. And I've tried running all the commands mentioned with sudo, just in case.
Why would the https --trust command say there's already a valid cert, but nothing else can find it? Even though it's in the keychain?
Alternatively, is there another way to run https with kestrel? Like a way to generate a self-signed cert in the root of a project and then point to that?
Could be a few reasons for this issue. I found three while trying to fix mine.
1. Something wrong with dotnet.
When you run the command:
The usual response must be something like that:
And when you run the command
You must get a response which looks like:
Here, the last line could either say A valid HTTPS certificate is already present. or it could say that the certificate was trusted successfully, depending on whether you executed the command once or more than that.
However, if running these commands gives a result that looks like this:
It means that there is definitely something wrong with your version of dotnet. I suggest to uninstall dotnet from your mac, and try to reinstall it from the official website.
Here is a quick and effective way to uninstall dotnet: https://stackoverflow.com/a/44089766/1928149
Now try adding the certificates again.
2. Dotnet may not be able to access the keychain.
In this case, run the following two commands:
Now, just go to your Keychain Access app on your MacBook, search for certificates with the name localhost and delete them. (You can also drag and drop it to one of your folders before deleting, in case you need a backup.)
Once you have removed all certificates, run the following:
Now, when you run the following:
You should find a certificate which is available as well as trusted.
3. CryptographicException while reading the certificates.
Run the following command:
This should display some debug information about your certificates. If the output gives an exception which is something like:
or
This is how it looked for me:
This means dotnet is having issues in reading certificates from your keychain because of a particular unrelated certificate. Go to your Keychain Access app and look for the certificate certificate-name as shown in the logs above. Keep a backup of this certificate and delete it from your Keychain Access app. Try to run the following command again:
Hopefully, it lists certificates without any exceptions now.
Now, follow Point #2 above and hopefully things should now work.