
I have created a self-hosted web API in .NET using ASP.NET Core, and I need to configure it with SSL. Here is the Windows code that does that.

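/// <summary>
/// Entry point of a self-hosted ASP.NET Core web API that Kestrel serves over HTTPS.
/// </summary>
/// <remarks>
/// Before starting the host, <see cref="Main"/> performs Windows-only, machine-wide setup:
/// it writes to LocalMachine certificate stores and runs <c>netsh</c> / <c>CheckNetIsolation</c>
/// commands. Those steps typically need an elevated process and outlive the application,
/// so they should be reviewed as system configuration changes, not as app start-up code.
/// </remarks>
public class Program
{
    /// <summary>
    /// Installs the TLS certificate and its chain, applies the HTTP.sys and loopback
    /// settings, then builds and runs the web host.
    /// </summary>
    /// <param name="args">Command-line arguments, forwarded to the host builder.</param>
    public static void Main(string[] args)
    {
        try
        {
            int portNumber = 12285;

            // SSLCert and pfxPassword are declared outside this listing.
            // NOTE(review): the PFX holds the private key; make sure the password is
            // supplied from protected configuration rather than a literal in source.
            X509Certificate2 sSLCertificate = new X509Certificate2(SSLCert, pfxPassword);

            // Replace any existing copy of the leaf certificate in LocalMachine\My.
            using (X509Store x509Store3 = new X509Store(StoreName.My, StoreLocation.LocalMachine))
            {
                x509Store3.Open(OpenFlags.ReadWrite);
                if (x509Store3.Certificates.Contains(sSLCertificate))
                    x509Store3.Remove(sSLCertificate);
                x509Store3.Add(sSLCertificate);
            }

            // The chain and every per-element store are disposed deterministically;
            // the original left the chain and the inner stores undisposed.
            using (X509Chain x509Chain = new X509Chain())
            {
                // The boolean result of Build is not checked, so elements of a chain that
                // failed validation are installed as well.
                // NOTE(review): decide whether an invalid chain should abort start-up.
                x509Chain.Build(sSLCertificate);

                for (int index = 0; index < x509Chain.ChainElements.Count; ++index)
                {
                    X509Certificate2 certificate2 = x509Chain.ChainElements[index].Certificate;
                    if (certificate2 == null)
                        continue;

                    StoreName targetStore = ChooseStoreName(index, certificate2);
                    using (X509Store x509Store4 = new X509Store(targetStore, StoreLocation.LocalMachine))
                    {
                        x509Store4.Open(OpenFlags.ReadWrite);
                        if (x509Store4.Certificates.Contains(certificate2))
                            x509Store4.Remove(certificate2);
                        x509Store4.Add(certificate2);
                    }
                }
            }

            // HTTP.sys URL reservation granted to Everyone: any local account may then
            // register a listener on this prefix.
            // NOTE(review): the host below is Kestrel, and the discussion on this page states
            // Kestrel does not use this OS-level configuration; if that holds, drop the
            // reservation or scope user= to the service account.
            CommonUtils.RunCommand(@"netsh http add urlacl url=https://+:" + portNumber.ToString() + @"/ user=Everyone");
            CommonUtils.RunCommand(@"netsh http dele sslcert ipport=0.0.0.0:" + portNumber.ToString());

            // certhash is a fixed literal, not sSLCertificate.Thumbprint, and is 64 hex digits
            // long whereas a certificate thumbprint (SHA-1) is 40; the appid GUID's last group
            // has 11 hex digits instead of 12.
            // NOTE(review): presumably redacted placeholders; confirm before relying on this
            // binding. The binding targets 0.0.0.0 although Kestrel listens on loopback only.
            CommonUtils.RunCommand(@"netsh http add sslcert ipport=0.0.0.0:" + portNumber.ToString() + " appid= {a4bda4bd-1212-44fa-a9c9-da61f74abcd} certhash=9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08");

            // Exempts the Microsoft Edge app container from loopback network isolation;
            // this is a persistent, machine-wide change.
            CommonUtils.RunCommand(@"CheckNetIsolation LoopbackExempt -a -n=Microsoft.MicrosoftEdge_8wekyb3d8bbwe");

            BuildWebHost(args, portNumber, sSLCertificate).Run();
        }
        catch (System.Exception ex)
        {
            // Any failure above is printed and Main returns without (re)starting the host.
            Console.WriteLine(ex);
        }
    }

    /// <summary>
    /// Picks the LocalMachine store for a chain element.
    /// </summary>
    /// <param name="index">Position in the built chain; 0 is the leaf certificate.</param>
    /// <param name="certificate">The chain element's certificate.</param>
    /// <returns>
    /// <see cref="StoreName.My"/> for the leaf, <see cref="StoreName.Root"/> only for a
    /// self-issued certificate at index 2 or deeper, otherwise
    /// <see cref="StoreName.CertificateAuthority"/>.
    /// </returns>
    private static StoreName ChooseStoreName(int index, X509Certificate2 certificate)
    {
        if (index == 0)
            return StoreName.My;

        // The original sent every element at index >= 2 to Root, which made an intermediate
        // CA in a longer chain a machine-wide trust anchor. Root is now limited to
        // certificates whose subject equals their issuer. This is a name comparison only,
        // not a signature check, and it never trusts more than the original did.
        bool selfIssued = string.Equals(certificate.Subject, certificate.Issuer, StringComparison.Ordinal);
        if (index >= 2 && selfIssued)
            return StoreName.Root;

        return StoreName.CertificateAuthority;
    }

    /// <summary>
    /// Builds a Kestrel web host that listens on the loopback address with HTTPS.
    /// </summary>
    /// <param name="args">Command-line arguments passed to the default builder.</param>
    /// <param name="portNumber">TCP port to listen on.</param>
    /// <param name="sSLCertificate">Server certificate handed directly to Kestrel.</param>
    /// <returns>The configured web host, not yet running.</returns>
    public static IWebHost BuildWebHost(string[] args, int portNumber, X509Certificate2 sSLCertificate) =>
        WebHost.CreateDefaultBuilder(args)
        .UseKestrel(options =>
            {
                // Loopback only: the endpoint is not reachable from other machines.
                options.Listen(IPAddress.Loopback, portNumber, listenOptions =>
                {
                    listenOptions.UseHttps(sSLCertificate);
                });
            })
        .UseStartup<Startup>()
        .Build();
}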

I need to do the same on Linux and OSX. I cannot use the certificate store or netsh on those platforms; is there an alternative way to do the same?

Prashanth
  • How to register certificate to SSL port? – Prashanth Jan 10 '18 at 08:09
  • I am not perfectly sure what your `netsh` commands are supposed to do but I am 99% sure that you don’t need to do any of that. Kestrel is a standalone webserver that does not look for OS level configuration. It will just bind to the port you say it should bind to and then will respond properly to requests reaching that port. If you configure Kestrel to use HTTPS, then it will make sure to use the configured certificate. – poke Jan 10 '18 at 08:14
  • Judging from the documentation of those `netsh` commands, the `sslcert` part would only apply to the HTTP.sys, which is not what Kestrel is using (Kestrel is built on top of libuv), and the `urlacl` part seems to apply to WCF which has nothing to do with your ASP.NET webserver. – In any way, this is not necessary on Windows (I run ASP.NET Core apps with HTTPS in production on Windows server and never touched any `netsh` stuff for that), and especially not needed on other operating systems. – poke Jan 10 '18 at 08:16
  • Thanks, there is no need to add the certificate to the store or register it to the SSL port in a self-hosted web API. – Prashanth Jan 15 '18 at 04:40
