Generate Trusted Self-Signed Certificate in .NetCore Console Application
I am trying to generate a trusted self-signed certificate for localhost. This certificate will be used for a Self Hosted Web API inside a Console Application. Due to the requirements of this project, the localhost connection has to be trusted and the application will be installed on clients' PCs, which means the certificate has to be generated programmatically.
I have managed to get this right in .Net Framework and all seems to work 100%, but once I moved it over to .NetCore I am hitting a wall. I am quite new to .NetCore so my knowledge is very limited.
I am using Bouncy Castle to generate the certificates but for some reason, when I try to assign the private key for the self-signed certificate in .NetCore, I get a "System.PlatformNotSupportedException: 'Operation is not supported on this platform.'" exception. This exception occurs when I try to convert the RsaPrivateCrtKeyParameters to a PrivateKey using "DotNetUtilities.ToRSA(rsaparams)".
I followed the exact answer on this link "Generate self signed certificate on the fly".
Since my knowledge is very limited in .NetCore it would be much appreciated if someone can point me in the right direction.
ssl .net-core ssl-certificate self-hosting
asked Nov 12 at 8:17
Ruan
1 Answer
The specific problem is that .NET Core does not support the setter on cert.PrivateKey.
The closest analog is cert.CopyWithPrivateKey, but the code is different. Rather than

    cert.PrivateKey = key;
    return cert;

you need something more like

    return cert.CopyWithPrivateKey(key);

because CopyWithPrivateKey makes a new X509Certificate2 object, leaving the target object unaltered.
FWIW, you can do the entirety of the cert creation without extra dependencies now, as shown in Generate and Sign Certificate Request using pure .net Framework.
answered Nov 12 at 14:33
bartonjs
That did the trick, thank you very much! :) The only thing now is I get an "ERR_CERT_COMMON_NAME_INVALID" when trying to browse to the self hosted web api. My common names, when generating the certificates, are set as "CN=My Company Name" for the root certificate and "CN=127.0.0.1" for the self-signed certificate. Do you know what I might be doing wrong?
– Ruan
Nov 13 at 6:22
@Ruan Chrome doesn’t use Common Name for matching. You’ll need to build the Subject Alternative Name entry for your child cert (using 127.0.0.1 as an IPAddress entry, not a DNSName entry)
– bartonjs
Nov 13 at 16:38
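Added example, not part of the original answer or comments: the two fixes discussed above (CopyWithPrivateKey, and a Subject Alternative Name with 127.0.0.1 as an IP address entry) combined in one flow that uses only the built-in CertificateRequest API. It assumes .NET Core 3.0 or later (C# 8 using declarations); the class name, key sizes, validity periods and the extra "localhost" DNS entry are illustrative choices, not values from the thread.

```csharp
using System;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class LocalhostCertExample   // hypothetical name
{
    static void Main()
    {
        DateTimeOffset now = DateTimeOffset.UtcNow;

        // Root CA: must be CA=true with KeyCertSign, or Create() rejects it as an issuer.
        using RSA rootKey = RSA.Create(2048);
        var rootReq = new CertificateRequest("CN=My Company Name", rootKey,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        rootReq.CertificateExtensions.Add(
            new X509BasicConstraintsExtension(true, false, 0, true));
        rootReq.CertificateExtensions.Add(new X509KeyUsageExtension(
            X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign, true));
        using X509Certificate2 root =
            rootReq.CreateSelfSigned(now.AddMinutes(-5), now.AddYears(2));

        // Child cert: browsers match on the SAN, so 127.0.0.1 goes in as an
        // IP address entry; "localhost" as a DNS entry is an added assumption.
        using RSA leafKey = RSA.Create(2048);
        var leafReq = new CertificateRequest("CN=127.0.0.1", leafKey,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        var san = new SubjectAlternativeNameBuilder();
        san.AddIpAddress(IPAddress.Loopback);
        san.AddDnsName("localhost");
        leafReq.CertificateExtensions.Add(san.Build());
        leafReq.CertificateExtensions.Add(
            new X509BasicConstraintsExtension(false, false, 0, true));
        leafReq.CertificateExtensions.Add(new X509KeyUsageExtension(
            X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment, true));
        leafReq.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
            new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, false)); // serverAuth

        byte[] serial = new byte[16];
        RandomNumberGenerator.Fill(serial);

        // Create() returns a public-only certificate; the validity window must
        // sit inside the root's. CopyWithPrivateKey returns a NEW object.
        using X509Certificate2 signed = leafReq.Create(root, now, now.AddYears(1), serial);
        using X509Certificate2 leaf = signed.CopyWithPrivateKey(leafKey);

        Console.WriteLine($"{leaf.Subject} issued by {leaf.Issuer}");
        Console.WriteLine($"signed.HasPrivateKey={signed.HasPrivateKey}, " +
                          $"leaf.HasPrivateKey={leaf.HasPrivateKey}");
    }
}
```

Only the root's public certificate needs to be placed in a trust store on the client PC; the root private key is disposed here once the child has been signed, so it cannot be used later to mint further trusted certificates on that machine.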