Unable to trust development certificate
See original GitHub issueWorking with @sayedihashimi as an intern at Microsoft, and I’m running into this blocking issue. He was unable to figure out what was going on.
Steps to reproduce
- Create project using
dotnet new web
dotnet build
dotnet run
Expected behavior
Web app runs
Actual behavior
Getting error about development certificate
Anands-MBP:dasdasdakjfh louistaing$ dotnet run
: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[0]
User profile is available. Using '/Users/louistaing/.aspnet/DataProtection-Keys' as key repository; keys will not be encrypted at rest.
crit: Microsoft.AspNetCore.Server.Kestrel[0]
Unable to start Kestrel.
System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found.
To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func`2 createBinding)
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
Unhandled Exception: System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found.
To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func`2 createBinding)
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
at Microsoft.AspNetCore.Hosting.Internal.WebHost.StartAsync(CancellationToken cancellationToken)
at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token, String shutdownMessage)
at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token)
at Microsoft.AspNetCore.Hosting.WebHostExtensions.Run(IWebHost host)
at dasdasdakjfh.Program.Main(String[] args) in /Users/louistaing/Projects/dasdasdakjfh/dasdasdakjfh/Program.cs:line 17
Anands-MBP:dasdasdakjfh louistaing$ dotnet dev-certs https --trust
Trusting the HTTPS development certificate was requested. If the certificate is not already trusted we will run the following command:
'sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain <<certificate>>'
This command might prompt you for your password to install the certificate on the system keychain.
A valid HTTPS certificate is already present.
Anands-MBP:dasdasdakjfh louistaing$ dotnet dev-certs https --clean
Cleaning HTTPS development certificates from the machine. This operation might require elevated privileges. If that is the case, a prompt for credentials will be displayed.
Anands-MBP:dasdasdakjfh louistaing$ sudo dotnet dev-certs https --trust
Password:
Sorry, try again.
Password:
Sorry, try again.
Password:
Trusting the HTTPS development certificate was requested. If the certificate is not already trusted we will run the following command:
'sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain <<certificate>>'
This command might prompt you for your password to install the certificate on the system keychain.
A valid HTTPS certificate is already present.
Anands-MBP:dasdasdakjfh louistaing$ sudo dotnet dev-certs https --clean --verbose
Cleaning HTTPS development certificates from the machine. This operation might require elevated privileges. If that is the case, a prompt for credentials will be displayed.
HTTPS development certificates successfully removed from the machine.
Anands-MBP:dasdasdakjfh louistaing$ sudo dotnet dev-certs https --check --verbose
No valid certificate found.
Anands-MBP:dasdasdakjfh louistaing$ sudo dotnet dev-certs https --trust --verbose
Trusting the HTTPS development certificate was requested. If the certificate is not already trusted we will run the following command:
'sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain <<certificate>>'
This command might prompt you for your password to install the certificate on the system keychain.
A valid HTTPS certificate is already present.
Anands-MBP:dasdasdakjfh louistaing$ sudo dotnet dev-certs https --check --verbose
No valid certificate found.
Anands-MBP:dasdasdakjfh louistaing$
Environment data
dotnet --info
output:
Anands-MBP:dasdasdakjfh louistaing$ dotnet --info
.NET Core SDK (reflecting any global.json):
Version: 2.2.401
Commit: 729b316c13
Runtime Environment:
OS Name: Mac OS X
OS Version: 10.13
OS Platform: Darwin
RID: osx.10.13-x64
Base Path: /usr/local/share/dotnet/sdk/2.2.401/
Host (useful for support):
Version: 2.2.6
Commit: 7dac9b1b51
.NET Core SDKs installed:
2.1.700 [/usr/local/share/dotnet/sdk]
2.2.300 [/usr/local/share/dotnet/sdk]
2.2.401 [/usr/local/share/dotnet/sdk]
.NET Core runtimes installed:
Microsoft.AspNetCore.All 2.1.11 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.All]
Microsoft.AspNetCore.All 2.2.5 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.All]
Microsoft.AspNetCore.All 2.2.6 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.All]
Microsoft.AspNetCore.App 2.1.11 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 2.2.5 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 2.2.6 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 2.1.11 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 2.2.5 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 2.2.6 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]
To install additional .NET Core runtimes or SDKs:
https://aka.ms/dotnet-download
Anands-MBP:dasdasdakjfh louistaing$
Issue Analytics
- State:
- Created 4 years ago
- Comments:13 (10 by maintainers)
Top Results From Across the Web
dotnet dev-certs certificate not trusted
Trusting the HTTPS development certificate was requested. A confirmation prompt will be displayed if the certificate was not previously trusted.
Read more >There was an error trusting HTTPS developer certificate.
I tried to trust the certificate from Visual Studio and from dotnet dev-certs tool from the administrator PowerShell. Both fail.
Read more >Keep getting HTTPS development certificate was not found ...
Error: "Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is ...
Read more >Failed to trust HTTPS certificate
in macOS Mojave and with latest Visual studio, can't get developer certificate work anymore. get the error Failed to trust HTTPS Certificate.
Read more >Apple Development Certificate not trusted - no root cert ...
The Apple Development certificate I'm using is not trusted, and when I evaluate it, it tells me that there is No Root Certificate...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Encountered the same issue on macOS. As a solution, in the keychain, remove the old localhost certificate under ‘System’ and recreate it via the dotnet commands described in the docs. It will be placed under ‘login’.
We found a bug with the dev-certs tool that caused issues with --clean and --check. We’ll be fixing it in preview9.
It’s hard to see if your scenario is hitting this issue but it’s a good guess that it is