39

I am working through Adam Freeman's book "Pro ASP.Net Core 3". I have gotten to the introduction to https. He instructs us to use Powershell and run these commands in this order

dotnet dev-certs https --clean dotnet dev-certs https --trust

When I run the clean command, I get a message saying

"HTTPS development certificates successfully removed from the machine."

But when I run the trust command, I get:

"A valid HTTPS certificate with a key accessible across security partitions was not found. The following command will run to fix it: 'sudo security set-key-partition-list -D localhost -S unsigned:,teamid:UBF8T346G9' This command will make the certificate key accessible across security partitions and might prompt you for your password. For more information see: https://aka.ms/aspnetcore/2.1/troubleshootcertissues

A valid HTTPS certificate with a key accessible across security partitions was not found. The following command will run to fix it: 'sudo security set-key-partition-list -D localhost -S unsigned:,teamid:UBF8T346G9' This command will make the certificate key accessible across security partitions and might prompt you for your password. For more information see: https://aka.ms/aspnetcore/3.1/troubleshootcertissues

Trusting the HTTPS development certificate was requested. A confirmation prompt will be displayed if the certificate was not previously trusted. Click yes on the prompt to trust the certificate. There was an error trusting HTTPS developer certificate."

I tried

  • running dotnet dev-certs https results in "A valid HTTPS certificate is already present."
  • running powershell as administrator. But I got the same errors. The book says I may get a couple of dialog boxes, but I did not get them.
  • dotnet --version gives me 3.1.200.

What do I have to do to get the certificate to work?

Improve this question
4
  • 3
    A valid HTTPS certificate is already present. It seems that the developer certificate has been generated, you can try to manually trust the certificate with the ASP.NET Core HTTPS development certificate friendly name by copying from Current User > Personal > Certificates into Current User > Trusted root certification authorities > Certificates within the certificate manager UI. Then check if it works for you. Commented Sep 23, 2020 at 9:24
  • Great! That worked! Hi @ROBERTRICHARDSON, glad to hear the workaround did help resolve the problem. I write a post, and you can accept it as answer, which would help other community members quickly find this case and resolve similar issue. Commented Sep 24, 2020 at 3:16
  • I'm getting the same circular block....but on a Mac. (I am not a Mac fan, but in our hybrid java/dotnet-core environment, developers are issued Macs as the PC network policies are so tightly locked down). Why is my computer lying to me?? :). "HTTPS development certificates successfully removed from the machine." Commented Mar 31, 2021 at 11:46
  • Future readers. Someone shows a "bigger hammer" idea here : github.com/dotnet/AspNetCore.Docs/issues/…. dotnet tool uninstall --global dotnet-dev-certs dotnet tool install --global dotnet-dev-certs dotnet dev-certs https --trust (It is not working for Mac, FYI, but I saw it .. so left a breadcrumb here) Commented Mar 31, 2021 at 11:50

9 Answers 9

Reset to default
43

Ok...I found a MAC super hint at the github link below.

(It ~might translate to the PC side...but I cannot test that)

https://github.com/dotnet/sdk/issues/10422

Encountered the same issue on macOS. As a solution, in the keychain, remove the old localhost certificate under 'System' and recreate it via the dotnet commands described in the docs. It will be placed under 'login'.

So to better describe the above quote, I've added a screen shot here (image below with the magenta/fuchsia/pinkish circles), to provide a "here is where it is on the Mac".....of what the text above describes..

So my steps were:

dotnet dev-certs https --clean dotnet dev-certs https --check // (DO THE MANUAL keychain-old-localhost removal NOW (image below) // (before running the below terminal commands) dotnet dev-certs https --check dotnet dev-certs https dotnet dev-certs https --trust

enter image description here

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

This worked perfectly! I never would have figured this out on my own.
@MerkleGroot I hear ya. You feel like you're in a Minotaur occupied Labyrinth...trying to get it corrected. Please report back if you were Mac or PC.
This was a Mac and I'm far from a Mac expert.
Mac is my least (and emphasis on least) preferred O/S. I'll run win10, and I'll run "real linux" (ubuntu for example..with "cinnamon"). but mac o/s, not a fan. However, my current company, developers get "admin rights" on macs, but not pc's. So I gotta live on one out of necessity.
Works well- but on Windows 11, required a Windows restart after the --trust step.
|
10

What do I have to do to get the certificate to work?

For some reason, dotnet CLI might throw exception while we use dotnet dev-certs https --trust command to trust the HTTPS development certificate.

As a workaround, we can try following steps to manually trust the certificate.

  1. Run dotnet dev-certs https command to generate a HTTPS certificate (if you do not generate it)

  2. Copy the certificate with the ASP.NET Core HTTPS development certificate friendly name by copying from Current User > Personal > Certificates into Current User > Trusted root certification authorities > Certificates within the certificate manager UI, like below.

    enter image description here

Improve this answer

2 Comments

For me this worked 1) using certmgr.msc backup all localhost certificates under Personal and then remove them 2) dotnet dev-certs https resulted in A valid HTTPS certificate with a key accessible across security partitions was not found... 3) i copied a still valid ASP.NET Core HTTPS development certificate from Current User > Trusted root certification authorities > Certificates to Current User > Personal > Certificates This worked at least that much that dotnet run worked
Thanks, this kind of worked for me as I can now see the cert in trusted root, however when I start the application it still doesn't show up. Debugging now
9

The below command worked for me

  • dotnet dev-certs https --clean
  • dotnet dev-certs https --trust

enter image description here

Improve this answer

Comments

7

This is a tricky issue, and I've tried several methods without luck for ASP.NET Core website project. I'm using VS Code on a Mac (macOS 12.6.7).

When I run the following commands in the VS Code terminal, it worked for me. The difference from other tips in this thread is the dotnet clean command. In steps:

  1. Ensure a clean ASP.NET Core project: dotnet clean
  2. Clear existing certificate: dotnet dev-certs https --clean
  3. Create a fresh certificate: dotnet dev-certs https --trust

Now I was able to run the project with dotnet run and reloading the browser.

PS: If you're lazy, you can also chain the commands like this:

dotnet clean && dotnet dev-certs https --clean && dotnet dev-certs https --trust
Improve this answer

Comments

3

As others have suggested, removing old ASP.NET certs in the certificate manager on Windows may work (it did for me). Just be sure you open 'certmgr.msc'.

Windows search suggests 'certlm.msc', which displays certs for the local machine, not the local user. I didn't notice I was opening the wrong one for too long.

Improve this answer

Comments

2

NONE of the solution worked for me, spent an hour on this on Windows.

This worked:

  1. go to %APPDATA%\ASP.NET\https
  2. DELETE EVERYTHING
  3. Then do the --clean + --trust thingy again.
Improve this answer

1 Comment

What if I don't have the https folder?
0

For me on Windows 10 running Visual Studio 2022 all I had to do was

dotnet dev-certs https --clean

Then I rebooted my PC and opened my solution again. When running the solution I got the "trust the VS cert" dialog box like I should have the first time I ran my project.

Everything works now and I can run my project.

Improve this answer

Comments

0

If you still have the same error after trying all solutions your problem could be related to Kestrel. In that case this solution may help: https://stackoverflow.com/a/71026252/5059176. Removing Kestrel was also solution for me and switch to IIS for example. Just note if you are removing Kestrel don't forget to remove it from appsettings.json and not just from the code.

Improve this answer

Comments

0

If you're on macOS and the top answer doesn't work, while generating the certificate directly from Rider, I noticed that I got this message: An error occurred while listing the certificates: System.Security.Cryptography.CryptographicException: Certificate '{numberOfCertificateHere}' is corrupted. So, you need to delete it manually from the Keychain Access window and then either proceed from Rider to generate it, or using dotnet dev-certs https --clean and dotnet dev-certs https --trust

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.