Receiving an ERR_BAD_SSL_CLIENT_AUTH_CERT error with Kestrel

Bryan Kardisco 1 Reputation point
2021-12-10T14:32:14.257+00:00

I am attempting to deploy an ASP.NET Core MVC app using the following set-up in my Program.cs:

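    using System.IO;
    using System.Security.Authentication;
    using System.Security.Cryptography.X509Certificates;
    using Microsoft.AspNetCore.Hosting;
    using Microsoft.AspNetCore.Server.Kestrel.Https;
    using Microsoft.Extensions.Hosting;

    public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(webBuilder =>
            {
                webBuilder.ConfigureKestrel(o =>
                {
                    // Defaults applied to every HTTPS endpoint.
                    o.ConfigureHttpsDefaults(defaults =>
                    {
                        string pass = @"MY_COMPLICATED_PASSWORD";
                        defaults.ServerCertificate = new X509Certificate2(@"C:\certs\my_ssl_file.pfx",
                            pass);
                        defaults.SslProtocols = SslProtocols.Tls12;
                        // The handshake fails unless the client presents a certificate.
                        defaults.ClientCertificateMode = ClientCertificateMode.RequireCertificate;
                    });
                });

                webBuilder.UseKestrel(options =>
                {
                    // Listen on all interfaces, port 8384, using the HTTPS defaults above.
                    options.ListenAnyIP(8384, o =>
                    {
                        o.UseHttps();
                    });
                });

                webBuilder.UseContentRoot(Directory.GetCurrentDirectory());
                webBuilder.UseStartup<Startup>();
            });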

When running locally I see the following:

    info: Microsoft.Hosting.Lifetime[0]
          Now listening on: https://[::]:8384
    info: Microsoft.Hosting.Lifetime[0]
          Application started. Press Ctrl+C to shut down.
    info: Microsoft.Hosting.Lifetime[0]
          Hosting environment: Development
    info: Microsoft.Hosting.Lifetime[0]
          Content root path: C:\path_to_my_application
    crit: MyNameSpace.CertificateValidationService[1]
          WE ARE IN THE VALID CERT SECTION
    crit: MyNameSpace.CertificateValidationService[2]
          THE CERT BEING PASSED WAS [A CERTIFICATE IS HERE]

This is everything I'd expect it to do locally. The site launches, I see the debug statements, I can check that it's the proper x509 cert, etc. However, when trying to deploy this application to production I get the following issue:

my_domain_name didn’t accept your login certificate, or one may not have been provided.

ERR_BAD_SSL_CLIENT_AUTH_CERT

As I mentioned, I'm trying to use Kestrel, so I'm just launching the exe from PowerShell. For my current needs I need to validate the user against a certificate.
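
Added example, not part of the original post: one way to see on the production host why a client certificate is refused under `ClientCertificateMode.RequireCertificate` is to log the TLS policy errors and chain status from Kestrel's `ClientCertificateValidation` callback. `ClientCertDiagnostics` and `LogClientCertFailures` are hypothetical names, and the callback still accepts only certificates that have no policy errors.

```csharp
using System.Linq;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Server.Kestrel.Https;
using Microsoft.Extensions.Logging;

public static class ClientCertDiagnostics
{
    // Hypothetical helper: call it inside ConfigureHttpsDefaults(defaults => ...),
    // passing the same 'defaults' object and any ILogger.
    public static void LogClientCertFailures(
        HttpsConnectionAdapterOptions defaults, ILogger log)
    {
        defaults.ClientCertificateValidation = (cert, chain, errors) =>
        {
            // No policy errors: the chain built to a root this machine trusts.
            if (errors == SslPolicyErrors.None)
                return true;

            // Collect every chain element status (untrusted root, expired,
            // revocation unknown, ...) so the reason for rejection is visible.
            string status = chain == null
                ? "(no chain)"
                : string.Join("; ", chain.ChainStatus.Select(
                    s => $"{s.Status}: {s.StatusInformation?.Trim()}"));

            log.LogWarning(
                "Client certificate rejected. Subject={Subject} Issuer={Issuer} " +
                "Thumbprint={Thumbprint} NotAfter={NotAfter} Errors={Errors} Chain={Chain}",
                cert.Subject, cert.Issuer, cert.Thumbprint, cert.NotAfter,
                errors, status);

            // Diagnostics only: a certificate with policy errors is never accepted.
            return false;
        };
    }
}
```

Comparing the logged issuer and chain status between the development machine and the production host shows whether the two machines evaluate the same client certificate differently.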
