ASP.NET Core Kestrel Certificate Options

  • Question

  • I am deploying an ASP.NET Core 2.2 application as a Windows Service:


    I am trying to get the application to use a certificate that exists in the Trusted Root Certification Authority on our test server:

    Ref: https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel?view=aspnetcore-2.2#endpoint-configuration

    Here is where it would be nice to have some more guidance:

    An alternative to using Path and Password for any certificate node is to specify the certificate using certificate store fields. For example, the Certificates > Default certificate can be specified as:

    "Default": {
      "Subject": "<subject; required>",
      "Store": "<cert store; defaults to My>",
      "Location": "<location; defaults to CurrentUser>",
      "AllowInvalid": "<true or false; defaults to false>"
    }

    For instance, when I look at the details of the certificate I wish to use, there is a field named "Subject".  
    But what is the value for "Store"?  I assume it would be "Trusted Root Certification Authority"?  - This is where it lives when I view it from MMC.
    What is the value for "Location"?  It says it defaults to "CurrentUser", does that relate to "My User Account"?  Local Computer? What are other alternatives for "CurrentUser"?

    The only examples I found use "MyCert.pfx" along with the password which does work, but that would not be appropriate for production, nor would our security department accept that.  

    So, how do I deploy this without having to point to a local copy of a pfx file?

    Does Microsoft offer any information or examples as to which values to use for the above?  

    Or do we just try stuff until it works?

    Bill Behning

    • Moved by CoolDadTx Monday, April 29, 2019 6:19 PM ASP.NET related
    Monday, April 29, 2019 6:01 PM
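
An added example (not part of the original post or of Microsoft's documentation) for finding the values asked about above: it searches the Personal and Trusted Root stores in both store locations for a subject and prints the matching `Store` and `Location` strings. The subject `service.example.test` is a placeholder.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example, not from the original post or from Microsoft's documentation.
// Prints, for each certificate matching a subject, the Store and Location strings
// that the "Default" certificate node quoted in the question would need.
public static class FindCertificateStore
{
    public static void Main(string[] args)
    {
        // Assumption: placeholder subject; pass the real subject name as the first argument.
        string subject = args.Length > 0 ? args[0] : "service.example.test";

        // MMC "My user account" = CurrentUser, MMC "Computer account" = LocalMachine.
        var locations = new[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine };
        // MMC "Personal" = My, MMC "Trusted Root Certification Authorities" = Root.
        var stores = new[] { StoreName.My, StoreName.Root };

        foreach (StoreLocation location in locations)
        {
            foreach (StoreName name in stores)
            {
                using (var store = new X509Store(name, location))
                {
                    try
                    {
                        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                    }
                    catch (CryptographicException)
                    {
                        continue; // store does not exist or cannot be read by this account
                    }

                    var matches = store.Certificates.Find(
                        X509FindType.FindBySubjectName, subject, validOnly: false);
                    foreach (X509Certificate2 cert in matches)
                    {
                        // A TLS server certificate is only usable if its private key is present.
                        Console.WriteLine(
                            $"\"Store\": \"{name}\", \"Location\": \"{location}\"  " +
                            $"thumbprint={cert.Thumbprint} expires={cert.NotAfter:u} " +
                            $"hasPrivateKey={cert.HasPrivateKey} chainValid={cert.Verify()}");
                    }
                }
            }
        }
    }
}
```

Run it under the account the Windows Service runs as, because `CurrentUser` resolves to that account's own store.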

All replies

  • Please post questions related to getting ASP.NET Core apps running in the ASP.NET forums.

    Michael Taylor http://www.michaeltaylorp3.net

    Monday, April 29, 2019 6:19 PM