Monday, May 29, 2023

Run ASP.NET Core Web API on Kestrel dev web server with HTTPS on Windows

In this post I will describe how to run an ASP.NET Core Web API on the Kestrel development web server over HTTPS. First we need to create a self-signed SSL certificate. We can generate it with PowerShell (see Use self-signed SSL certificate for web API hosted in Azure App service) or with the openssl tool:

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout test.key -out test.crt -config test.conf -passin pass:123
openssl pkcs12 -export -out test.pfx -inkey test.key -in test.crt -passout pass:123

To run the commands above we need a config file, test.conf, that specifies the domain name. It may look like this:

[req]
default_bits = 2048
default_keyfile = test.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca

[req_distinguished_name]
countryName =
countryName_default =
stateOrProvinceName =
stateOrProvinceName_default =
localityName =
localityName_default =
organizationName = Test
organizationName_default = Test
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = api.example.com
commonName_default = api.example.com
commonName_max = 64

[req_ext]
subjectAltName = @alt_names

[v3_ca]
subjectAltName = @alt_names

[alt_names]
DNS.1 = api.example.com

Once the private key (pfx) is created we can install it into the local certificate store: double-click the pfx file and follow the certificate installation wizard with the default settings.


We will also need to provide the password for the private key in this wizard ("123" in the example above).

Once the certificate is installed in the certificate store we need to set the following parameters in the appsettings.json file of our ASP.NET Core Web API project:

{
  "Kestrel": {
    "Endpoints": {
      "Http": {
        "Url": "http://api.example.com:5057"
      },
      "HttpsInlineCertStore": {
        "Url": "https://api.example.com:5058",
        "Certificate": {
          "Subject": "api.example.com",
          "Store": "My",
          "Location": "CurrentUser",
          "AllowInvalid": true
        }
      }
    }
  }
}

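Since our example uses a self-signed certificate, we need to set the AllowInvalid: true parameter. AllowInvalid lets Kestrel use a certificate that does not pass validation, so keep this setting to development configuration. If everything is done correctly, the Web API will run on the local Kestrel dev server over HTTPS.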
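To confirm what Kestrel will find for the Subject, Store and Location configured above, the following PowerShell check lists the matching certificates and reports whether each has a private key, carries the expected SAN and passes chain validation. It is an added example, not part of the original post; the variable names are illustrative.

```powershell
# Added example: inspect the certificate that the Kestrel endpoint config refers to.
# Values mirror the appsettings.json on this page.
$subject   = 'api.example.com'        # "Subject"
$storePath = 'Cert:\CurrentUser\My'   # "Location": "CurrentUser", "Store": "My"

$found = @(Get-ChildItem -Path $storePath |
    Where-Object { $_.Subject -like "*CN=$subject*" })

if ($found.Count -eq 0) {
    Write-Warning "No certificate with CN=$subject in $storePath; import test.pfx first."
    return
}
if ($found.Count -gt 1) {
    Write-Warning "$($found.Count) certificates match CN=$subject; remove stale ones so the lookup is unambiguous."
}

$now    = Get-Date
$report = foreach ($cert in $found) {
    # Read the Subject Alternative Name extension (OID 2.5.29.17) directly.
    $sanExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = if ($sanExt) { $sanExt.Format($false) } else { '' }

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey                    # must be True to serve TLS
        SanHasHost    = $sanText -like "*$subject*"            # browsers match on SAN, not CN
        InValidity    = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)
        SelfSigned    = $cert.Subject -eq $cert.Issuer
        ChainTrusted  = $cert.Verify()                         # False for an untrusted self-signed cert
    }
}
$report | Format-Table -AutoSize
```

A row with HasPrivateKey set to False means the certificate was imported without its key (for example from test.crt instead of test.pfx) and cannot be used for the endpoint. ChainTrusted set to False is the condition that AllowInvalid: true works around.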
