Generate Trusted Self-Signed Certificate in .NetCore Console Application
























I am trying to generate a trusted self-signed certificate for localhost. This certificate will be used for a Self Hosted Web API inside a Console Application. Due to the requirements of this project, the localhost connection has to be trusted and the application will be installed on clients' PCs, which means the certificate has to be generated programmatically.



I have managed to get this right in .Net Framework and all seems to work 100%, but once I moved it over to .NetCore I am hitting a wall. I am quite new to .NetCore so my knowledge is very limited.



I am using Bouncy Castle to generate the certificates but for some reason, when I try to assign the private key for the self-signed certificate in .NetCore, I get a "System.PlatformNotSupportedException: 'Operation is not supported on this platform.'" exception. This exception occurs when I try to convert the RsaPrivateCrtKeyParameters to a PrivateKey using "DotNetUtilities.ToRSA(rsaparams)".



I followed the exact answer on this link "Generate self signed certificate on the fly".



Since my knowledge is very limited in .NetCore it would be much appreciated if someone can point me in the right direction.










      ssl .net-core ssl-certificate self-hosting
















      asked Nov 12 at 8:17









      Ruan























          1 Answer














          The specific problem is that .NET Core does not support the setter on cert.PrivateKey.



          The closest analog is cert.CopyWithPrivateKey, but the code is different. Rather than



          cert.PrivateKey = key;
          return cert;


          you need something more like



          return cert.CopyWithPrivateKey(key);


          because CopyWithPrivateKey makes a new X509Certificate2 object, leaving the target object unaltered.



          FWIW, you can do the entirety of the cert creation without extra dependencies now, as shown in Generate and Sign Certificate Request using pure .net Framework.






          answered Nov 12 at 14:33









          bartonjs



























          That did the trick, thank you very much! :) The only thing now is I get an "ERR_CERT_COMMON_NAME_INVALID" when trying to browse to the self hosted web api. My common name, when generating the certificates, is set as "CN=My Company Name" for the root certificate and "CN=127.0.0.1" for the self-signed certificate. Do you know what I might be doing wrong?
          – Ruan
          Nov 13 at 6:22
















          @Ruan Chrome doesn’t use Common Name for matching. You’ll need to build the Subject Alternative Name entry for your child cert (using 127.0.0.1 as an IPAddress entry, not a DNSName entry)
          – bartonjs
          Nov 13 at 16:38
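
The two points from this thread, combined using the built-in CertificateRequest API the answer refers to: CopyWithPrivateKey in place of the PrivateKey setter, and 127.0.0.1 as an IP address entry in the Subject Alternative Name. This is an added example, not code from the original posts; the class and method names, the extra "localhost" DNS entry, the validity periods and the placeholder password are assumptions.

```csharp
using System;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class LocalhostCertExample
{
    // Returns the server certificate + key as PFX bytes and the root's public cert as DER.
    static (byte[] serverPfx, byte[] rootCer) Build(string pfxPassword)
    {
        DateTimeOffset now = DateTimeOffset.UtcNow;
        using (RSA rootKey = RSA.Create(2048))
        using (RSA serverKey = RSA.Create(2048))
        {
            // Root: subject as quoted in the comments, marked as a CA that may sign certs.
            var rootReq = new CertificateRequest("CN=My Company Name", rootKey,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            rootReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
            rootReq.CertificateExtensions.Add(new X509KeyUsageExtension(
                X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign, true));

            // Child: the name the browser matches goes in the SAN, not the CN.
            var san = new SubjectAlternativeNameBuilder();
            san.AddIpAddress(IPAddress.Loopback);   // 127.0.0.1 as an IP address entry
            san.AddDnsName("localhost");            // assumption: host is also reached by name
            var req = new CertificateRequest("CN=127.0.0.1", serverKey,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            req.CertificateExtensions.Add(san.Build());
            req.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, false));
            req.CertificateExtensions.Add(new X509KeyUsageExtension(
                X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment, false));
            req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
                new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, false)); // serverAuth

            byte[] serial = new byte[16];
            using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(serial);

            using (X509Certificate2 root = rootReq.CreateSelfSigned(now, now.AddYears(5)))
            using (X509Certificate2 publicOnly = req.Create(root, now, now.AddYears(1), serial))
            // Create() returns a certificate with no key; CopyWithPrivateKey returns a new object with one.
            using (X509Certificate2 server = publicOnly.CopyWithPrivateKey(serverKey))
            {
                return (server.Export(X509ContentType.Pfx, pfxPassword),
                        root.Export(X509ContentType.Cert));
            }
        }
    }

    static void Main()
    {
        var (pfx, _) = Build("change-me"); // placeholder password
        using (var loaded = new X509Certificate2(pfx, "change-me"))
            Console.WriteLine($"{loaded.Subject} HasPrivateKey={loaded.HasPrivateKey}");
    }
}
```

The child certificate only validates on a client once the root's public certificate (the DER bytes returned here) is in that client's trusted root store; the root's private key is not exported and is discarded when Build returns.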



