How to allow HTTPS connections from both localhost and container towards an ASP.NET Core Web API application?


I think you are right - dotnet dev-certs only generates certs for localhost. And as far as I can tell, it is not configurable. So it seems you will have to generate your own self-signed cert and trust it. Assuming you're on Windows, one way to do it is with PowerShell's New-SelfSignedCertificate:

    # create a SAN cert for both host.docker.internal and localhost
    $cert = New-SelfSignedCertificate -DnsName "host.docker.internal", "localhost" -CertStoreLocation cert:\localmachine\my

    # export it for docker container to pick up later
    $password = ConvertTo-SecureString -String "123123" -Force -AsPlainText
    Export-PfxCertificate -Cert $cert -FilePath C:\https\aspnetapp.pfx -Password $password

    # trust it on your host machine
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store "TrustedPublisher","LocalMachine"
    $store.Open("ReadWrite")
    $store.Add($cert)
    $store.Close()

Assuming you use Microsoft-supplied base images for your apps, to hint Kestrel to pick the new cert up you will probably have to run docker like so:

    docker pull your_docker_image
    docker run --rm -it -p 8000:80 -p 8001:443 -e ASPNETCORE_URLS="https://+;http://+" -e ASPNETCORE_HTTPS_PORT=8001 -e ASPNETCORE_Kestrel__Certificates__Default__Password="123123" -e ASPNETCORE_Kestrel__Certificates__Default__Path=\https\aspnetapp.pfx -v %USERPROFILE%\.aspnet\https:C:\https\ your_docker_image

    docker run --rm -it -p 8000:80 -p 8001:443 -e ASPNETCORE_URLS="https://+;http://+" -e ASPNETCORE_HTTPS_PORT=8001 -e ASPNETCORE_Kestrel__Certificates__Default__Password="123123" -e ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx <your image>

Note I'm exporting the cert to C:\https which then gets mounted onto the container.

You might have to play around with paths and domain names but hopefully that gives you a starting point.

OpenSSL is another possible solution here that would be cross-platform as well.

UPD: Since Docker machines are often Linux, this answer might not be a complete solution. Check out my other answer on the same topic - that one leverages OpenSSL to perform the task and goes into how to embed self-signed certs into Docker images on build.
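
A check worth running on the exported PFX before it is mounted into the container, as an added example that is not part of the original answer: it confirms the file carries a private key, covers both DNS names, is inside its validity window, and is usable for server authentication. `Test-DevPfx` is a hypothetical helper name, the path and names are the ones used in the answer, and the code assumes the `DnsNameList` property that PowerShell on Windows attaches to certificate objects.

```powershell
# Added example (not from the original answer): sanity-check the exported PFX.
# Test-DevPfx is a hypothetical helper; path and DNS names come from the answer.
function Test-DevPfx {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][securestring]$Password,
        [string[]]$RequiredNames = @('host.docker.internal', 'localhost')
    )

    # Throws if the file is missing or the password is wrong.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($Path, $Password)
    try {
        # Assumption: DnsNameList is the property PowerShell on Windows adds to
        # certificate objects; it holds the SAN DNS entries (plus the subject CN).
        $names   = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
        $missing = @($RequiredNames | Where-Object { $names -notcontains $_ })

        # If an EKU extension is present it must include
        # Server Authentication (OID 1.3.6.1.5.5.7.3.1) for Kestrel to accept it.
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $serverAuth = (-not $eku) -or ($eku.EnhancedKeyUsages.Value -contains '1.3.6.1.5.5.7.3.1')

        $now = Get-Date
        [pscustomobject]@{
            Thumbprint    = $cert.Thumbprint
            HasPrivateKey = $cert.HasPrivateKey
            DnsNames      = $names
            MissingNames  = $missing
            ServerAuthEku = $serverAuth
            InValidity    = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
            NotAfter      = $cert.NotAfter
        }
    }
    finally {
        $cert.Reset()   # release the loaded key material
    }
}

# Prompt for the PFX password rather than embedding it in the script.
$password = Read-Host -Prompt 'PFX password' -AsSecureString
$result = Test-DevPfx -Path 'C:\https\aspnetapp.pfx' -Password $password
$result | Format-List
if (-not $result.HasPrivateKey -or $result.MissingNames.Count -gt 0 -or
    -not $result.ServerAuthEku -or -not $result.InValidity) {
    Write-Error 'PFX is not usable as the Kestrel default certificate for both names.'
}
```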