ASP.NET Core Web API production HTTPS certificate 101 Level question

barrie 20 Reputation points
2023-08-04T10:33:03.4533333+00:00

Hi, I've created an ASP.NET Core Web API service (using dotnet 6) that pulls data out of a public transport API and updates various internal APIs with that data. The system it runs on is public facing.

The production system is a Windows 2022 server and the app will run as a Windows service.

I tried to run the app on the system, but got the error:

general exception: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.

I'm used to seeing this on a dev machine and can fix it with:

dotnet dev-certs https --trust

As I understand it - this is just a development process and shouldn't be done on a production public facing system.

Q1: Presumably it can be fixed by generating an HTTPS certificate from one of the many online certificate providers? (Q1a how would that be installed? Q1b and would it work for a Windows Service?)

Q2: Would I need to change anything in the boilerplate code generated by Visual Studio? MSDN seems to imply I need to change it with:

builder.Services.Configure<KestrelServerOptions>(options => {
    options.ConfigureHttpsDefaults(options =>
        options.ClientCertificateMode = ClientCertificateMode.RequireCertificate);
});

Many thanks.


Accepted answer
  1. Bruce (SqlWork.com) 77,686 Reputation points Volunteer Moderator
    2023-08-04T16:15:56.85+00:00

    You are confusing client certificates, which are used for client authentication over an SSL connection, and SSL server certificates. See:

    https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/endpoints?view=aspnetcore-7.0

    Once you purchase your X509 certificate, you should get a .pfx file and password.

    Try:

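    // certFileName: path to the .pfx file; password: the password supplied with it
    builder.WebHost.ConfigureKestrel(serverOptions =>
    {
        // Applies to every endpoint Kestrel listens on
        serverOptions.ConfigureEndpointDefaults(listenOptions =>
        {
            listenOptions.UseHttps(certFileName, password);
        });
    });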
    
    1 person found this answer helpful.
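
An added example, not part of the answer above or of Microsoft's documentation: it sets the server certificate through `ConfigureHttpsDefaults` (the call from the question) but loads it from the Windows certificate store, so no .pfx password sits in code or configuration, and it fails at startup if no usable certificate is found. The host name `api.example.test`, the `/health` route and the helper `LoadServerCertificate` are assumptions made for the illustration.

```csharp
// Program.cs for the default .NET 6 web template (implicit usings enabled).
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Server.Kestrel.Https;

var builder = WebApplication.CreateBuilder(args);

// Assumption: the CA-issued certificate was imported, with its private key,
// into the LocalMachine\My store and names this host in its subject.
const string SubjectName = "api.example.test"; // placeholder host name

var serverCert = LoadServerCertificate(SubjectName);

builder.WebHost.ConfigureKestrel(serverOptions =>
{
    serverOptions.ConfigureHttpsDefaults(https =>
    {
        // Server certificate: what Kestrel presents on every HTTPS endpoint.
        https.ServerCertificate = serverCert;
        // Client certificates are a separate feature (mutual TLS). Callers of
        // this API are not asked for one; RequireCertificate would reject them.
        https.ClientCertificateMode = ClientCertificateMode.NoCertificate;
    });
});

var app = builder.Build();
app.MapGet("/health", () => "ok");
app.Run();

// Hypothetical helper: newest valid certificate for the subject, or an error.
static X509Certificate2 LoadServerCertificate(string subjectName)
{
    // LocalMachine does not depend on a user profile being loaded,
    // which matters when the process runs as a Windows service.
    using var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadOnly);

    // FindBySubjectName is a substring match; validOnly drops certificates
    // that are expired or do not chain to a trusted root.
    var cert = store.Certificates
        .Find(X509FindType.FindBySubjectName, subjectName, validOnly: true)
        .OfType<X509Certificate2>()
        .Where(c => c.HasPrivateKey)
        .OrderByDescending(c => c.NotAfter)
        .FirstOrDefault();

    return cert ?? throw new InvalidOperationException(
        $"No valid certificate with a private key for '{subjectName}' in LocalMachine\\My.");
}
```

The account the Windows service runs under needs read permission on the certificate's private key; `HasPrivateKey` only shows that a key is associated with the certificate, not that this account can use it.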
