How to allow HTTPS connections from both localhost and container towards an ASP.NET Core Web API application?
I think you are right - `dotnet dev-certs` only generates certs for localhost. And as far as I can tell it is not configurable. So it seems you will have to generate your own self-signed cert and trust it. Assuming you're on Windows, one way to do it is with PowerShell's `New-SelfSignedCertificate`:
```powershell
# create a SAN cert for both host.docker.internal and localhost
$cert = New-SelfSignedCertificate -DnsName "host.docker.internal", "localhost" -CertStoreLocation cert:\localmachine\my

# export it for docker container to pick up later
$password = ConvertTo-SecureString -String "123123" -Force -AsPlainText
Export-PfxCertificate -Cert $cert -FilePath C:\https\aspnetapp.pfx -Password $password

# trust it on your host machine
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store "TrustedPublisher","LocalMachine"
$store.Open("ReadWrite")
$store.Add($cert)
$store.Close()
```
Assuming you use Microsoft-supplied base images for your apps, to hint Kestrel to pick the new cert up you will probably have to run docker like so:
```
docker pull your_docker_image
docker run --rm -it -p 8000:80 -p 8001:443 -e ASPNETCORE_URLS="https://+;http://+" -e ASPNETCORE_HTTPS_PORT=8001 -e ASPNETCORE_Kestrel__Certificates__Default__Password="123123" -e ASPNETCORE_Kestrel__Certificates__Default__Path=\https\aspnetapp.pfx -v %USERPROFILE%\.aspnet\https:C:\https\ your_docker_image

docker run --rm -it -p 8000:80 -p 8001:443 -e ASPNETCORE_URLS="https://+;http://+" -e ASPNETCORE_HTTPS_PORT=8001 -e ASPNETCORE_Kestrel__Certificates__Default__Password="123123" -e ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx <your image>
```
Note I'm exporting the cert to `C:\https` which then gets mounted onto the container.
You might have to play around with paths and domain names but hopefully that gives you a starting point.
OpenSSL is another possible solution here that would be cross-platform as well.
UPD: Since Docker machines are often Linux, this answer might not be a complete solution. Check out my other answer on the same topic - that one leverages OpenSSL to perform the task and goes into how to embed self-signed certs into Docker images on build.
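The OpenSSL route mentioned above, as an added example that is neither part of this answer nor the author's other answer: it creates one self-signed certificate covering both `host.docker.internal` and `localhost`, exports it as a PFX for Kestrel, and checks the SAN entries before the file is mounted. The function names, the output file names and the `PFX_PASSWORD` variable are assumptions, and OpenSSL 1.1.1 or later is required for `-addext`.

```shell
#!/bin/sh
# Added example: function names, file names and PFX_PASSWORD are assumptions.

# make_dev_cert OUT_DIR
# Writes aspnetapp.key, aspnetapp.crt and aspnetapp.pfx into OUT_DIR.
# The PFX password is read from the environment (env:PFX_PASSWORD) so it
# does not show up in the process list the way a pass:... argument would.
make_dev_cert() {
    out_dir=$1
    if [ -z "${PFX_PASSWORD:-}" ]; then
        echo "PFX_PASSWORD must be set" >&2
        return 1
    fi
    export PFX_PASSWORD
    mkdir -p "$out_dir" || return 1

    # One certificate, two DNS names in the Subject Alternative Name extension.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=localhost" \
        -addext "subjectAltName=DNS:host.docker.internal,DNS:localhost" \
        -keyout "$out_dir/aspnetapp.key" \
        -out "$out_dir/aspnetapp.crt" || return 1

    # Bundle key and certificate into the PFX that Kestrel is pointed at.
    openssl pkcs12 -export \
        -inkey "$out_dir/aspnetapp.key" -in "$out_dir/aspnetapp.crt" \
        -out "$out_dir/aspnetapp.pfx" -passout env:PFX_PASSWORD || return 1

    # Both files contain the private key: keep them readable by the owner only.
    chmod 600 "$out_dir/aspnetapp.key" "$out_dir/aspnetapp.pfx"
}

# cert_covers_name CERT_FILE DNS_NAME
# Succeeds only if DNS_NAME is listed as an exact SAN entry (no substring match).
cert_covers_name() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//' |
        grep -Fxq "DNS:$2"
}

# Usage (constructed values):
#   PFX_PASSWORD='choose-a-real-one' make_dev_cert ./https
#   cert_covers_name ./https/aspnetapp.crt host.docker.internal && echo covered
```

The resulting `aspnetapp.crt` is the file to add to the client's trust store; only `aspnetapp.pfx` needs to be mounted into the container.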