
Sample request: demonstrate how to configure an SSL certificate file (reuse a file that a web server such as nginx uses)

Open LeiYangGH opened this issue 4 years ago • 8 comments

Could you add such a sample?

LeiYangGH avatar Feb 22 '21 14:02 LeiYangGH

Never done it before but I can try

dodyg avatar Feb 23 '21 10:02 dodyg

Thanks. I've read the Microsoft docs, but there seem to be too many ways and they all look complicated. And I wonder why there isn't a simple way of configuring this in appsettings.json.

I'm currently using a very ugly workaround:

    webBuilder.UseStartup<Startup>()
        .UseKestrel(options =>
        {
            var environmentName = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT");
            if (environmentName != "Development")
            {
                options.Listen(IPAddress.Any, 5000);
                options.Listen(IPAddress.Any, 5001, listenOptions =>
                {
                    listenOptions.UseHttps("/path to my cert.pfx", "some salt string");
                });
            }
        });

LeiYangGH avatar Feb 23 '21 11:02 LeiYangGH

https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/endpoints?view=aspnetcore-5.0#replace-the-default-certificate-from-configuration

{
  "Kestrel": {
    "Endpoints": {
      "HttpsInlineCertFile": {
        "Url": "https://localhost:5001",
        "Certificate": {
          "Path": "<path to .pfx file>",
          "Password": "<certificate password>"
        }
      }
    }
  }
}

Note as of 5.0 it also automatically rebinds if you change the Kestrel config section.

Tratcher avatar Feb 23 '21 17:02 Tratcher

@Tratcher, I tried but without luck. The problem is that the settings JSON structure above is unlike appSettings.json or launchSettings.json (at least the default template doesn't contain the section), so I'm not sure where to put that configuration (in the standard way). It also seems extra code is required to load that configuration: Configure(context.Configuration.GetSection("Kestrel")). Are there any configurations in appSettings.json or launchSettings.json to specify a pfx file in the Production environment, without modifying any code?

LeiYangGH avatar Feb 23 '21 23:02 LeiYangGH

Let me summarize the goal, if not clear:

  • Configure a certificate path and password in JSON, with a built-in parsing mechanism and the least extra code (no code at all is best).
  • The configuration should be tied to a specific environment or profile. For example, in the development environment, ASP.NET Core uses the localhost certificate by default, so there is no need to change the behaviour. But in the production environment, we must specify the correct SSL certificate, otherwise the website is reported as insecure when accessed.

LeiYangGH avatar Feb 24 '21 01:02 LeiYangGH

For that second requirement you'd use appsettings.production.json vs appsettings.development.json. The host should load the correct config at runtime.

Tratcher avatar Feb 24 '21 01:02 Tratcher

Thanks for your comments!

LeiYangGH avatar Feb 24 '21 01:02 LeiYangGH

@LeiYangGH the Kestrel setting needs to be added to the appsettings.json file. launchsettings.json is not used by the runtime. launchsettings is used by Visual Studio or the dotnet CLI to bind the URL to your app when you run the app. Here is the schema for appsettings.json: http://json.schemastore.org/appsettings. Kestrel is one of the nodes in your appsettings.json.

lohithgn avatar May 03 '21 11:05 lohithgn
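
A constructed appsettings.Production.json that ties the replies above together, added here as an example and not taken from the thread or from the practical-aspnetcore repository. The endpoint names, ports and paths are placeholders, it assumes the default host builder (which reads the `Kestrel` section with no extra code), and it goes one step beyond the thread by using the `KeyPath` form available from ASP.NET Core 5.0, which lets Kestrel read the same PEM certificate and key files nginx uses.

```json
{
  // Constructed example; the ASP.NET Core JSON configuration provider accepts comments.
  // Endpoint names ("Http", "Https"), ports and paths below are placeholders.
  "Kestrel": {
    "Endpoints": {
      "Http": {
        "Url": "http://*:5000"
      },
      "Https": {
        "Url": "https://*:5001",
        "Certificate": {
          // PEM certificate chain and private key, i.e. the files nginx references
          // with ssl_certificate and ssl_certificate_key.
          "Path": "<path to .pem/.crt file>",
          "KeyPath": "<path to .key file>"
          // No "Password" entry is stored in this file. For an encrypted key or a
          // .pfx, supply it from outside the file through the environment variable
          // Kestrel__Endpoints__Https__Certificate__Password
          // (double underscores map to the nested configuration keys).
        }
      }
    }
  }
}
```

This file is only loaded when the environment is Production (the default when `ASPNETCORE_ENVIRONMENT` is unset), so Development keeps using the localhost developer certificate. The private key file should be readable only by the account the app runs as.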