sample request: demonstate how to configure a ssl certificate file(reuse a file that a webserver such as nginx uses)

Question

sample request: demonstate how to configure a ssl certificate file(reuse a file that a webserver such as nginx uses)

LeiYangGH opened this issue 3 years ago · comments

Yang Lei commented 3 years ago

Could you add such a sample?

Dody Gunawinata · Answer 1 · Tue Feb 23 2021 18:13:02 GMT+0800 (China Standard Time)

Never done it before but I can try

Yang Lei · Answer 2 · Tue Feb 23 2021 19:43:57 GMT+0800 (China Standard Time)

thanks. i've read the microsoft docs but it seems too many ways and all look complicated. and i wonder why there isn't a simple way of configuration in appsettings.json.

I'm currently using very ugly walkaround:

                    webBuilder.UseStartup<Startup>()
                    .UseKestrel(options =>
                    {
                        var environmentName = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT");
                        if (environmentName != "Development")
                        {
                            options.Listen(IPAddress.Any, 5000);
                            options.Listen(IPAddress.Any, 5001, listenOptions =>
                            {
                                listenOptions.UseHttps("/path to my cert.pfx", "some salt string");
                            });
                        }

                    });

Chris Ross · Answer 3 · Wed Feb 24 2021 01:03:25 GMT+0800 (China Standard Time)

https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/endpoints?view=aspnetcore-5.0#replace-the-default-certificate-from-configuration

{
  "Kestrel": {
    "Endpoints": {
      "HttpsInlineCertFile": {
        "Url": "https://localhost:5001",
        "Certificate": {
          "Path": "<path to .pfx file>",
          "Password": "<certificate password>"
        }
      },

Note as of 5.0 it also automatically rebinds if you change the Kestrel config section.

Yang Lei · Answer 4 · Wed Feb 24 2021 07:37:18 GMT+0800 (China Standard Time)

@Tratcher, tried but without luck.
The problem is, the settings json structure above is unlike appSettings.json nor launchSettings.json(at least default template doesn't contain the section), so i'm not sure where to put that configuration(in the standard way). and seems extra code is also required to load that configuraion Configure(context.Configuration.GetSection("Kestrel")).
Is there any configurations in appSettings.json or launchSettings.json, to specify a pfx file in Production environment, without modified any code?

Yang Lei · Answer 5 · Wed Feb 24 2021 09:00:47 GMT+0800 (China Standard Time)

Let me summarize the goal, if not clear:

Configure a Certificate path and password in json, with built in parsing mechanism and least extra code(even no code is best)
The configuration should be tied to specific environment or profile. For example, in development environment, asp.net core uses localhost certificate by default, no need to change the behaviour. But in production environment, we must specify the correct ssl certificate otherwise website is reported insecure when accessing.

Chris Ross · Answer 6 · Wed Feb 24 2021 09:24:31 GMT+0800 (China Standard Time)

For that second requirement you'd use appsettings.production.json vs appsettings.development.json. The host should load the correct config at runtime.

Yang Lei · Answer 7 · Wed Feb 24 2021 09:29:02 GMT+0800 (China Standard Time)

thanks for your comments!

Lohith · Answer 8 · Mon May 03 2021 19:19:45 GMT+0800 (China Standard Time)

@LeiYangGH the kestrel setting needs to be added to appsettings.json file. launchsettings.json is not used by the run time. launchsettings is used by Visual Studio or dotnet cli to bind the url to your app when you run the app. Here is the schema for appsettings.json http://json.schemastore.org/appsettings. kestrel is one of the nodes in your appsettings.json.