azure-functions-core-tools icon indicating copy to clipboard operation
azure-functions-core-tools copied to clipboard
verified publisher icon Azure

--useHttps with --cert does not use the specified certificate

Open pellebjerkestrand opened this issue 2 years ago • 4 comments

Running func start --useHttps --cert "path to certificate" results in the message Generating a self signed certificate using openssl, which is not expected.

Example at https://github.com/pellebjerkestrand/azure-functions-core-tools-cert-bug

pellebjerkestrand avatar Oct 01 '23 08:10 pellebjerkestrand

After trying to get this to work for a long time I finally have a working method.

My current software versions are:

OS: macOS 14.2.1 (23C71) Node: v18.18.1 Core Tools Version: 4.0.5455

The root of the path passed to --cert is the path passed to --script-root. This makes no sense to me. That doesn't matter, though, as what matters is that as far as I know it's undocumented.

When specifying a certificate using --cert, one must specify a password using --password. This password can not be empty or the empty string.

Neither the help printed by func start --help nor the documentation found on the web (https://learn.microsoft.com/en-us/azure/azure-functions/functions-core-tools-reference?tabs=v2#func-start) mention this behavior.

Relevant console output:

--useHttps              Bind to https://localhost:{port} rather than http://localhost:{port}. By default it creates and trusts a certificate.
--cert                  for use with --useHttps. The path to a pfx file that contains a private key
--password              to use with --cert. Either the password, or a file that contains the password for the pfx file

pellebjerkestrand avatar Feb 08 '24 08:02 pellebjerkestrand

I'm having the same issue. @pellebjerkestrand I'd appreciate it if you could clarify your workaround. When you say "The root of the path passed to --cert is the path passed to --script-root", what do you mean? As I'm using a dotnet function (as opposed to JS as you appear to be using), I am not passing --script-root. What does your working command line look like?

Also, running this command:

func start --enableAuth --cert mycert.pfx --useHttps

Results in the behavior described by @pellebjerkestrand (i.e. the certificate is not used; the tool creates its own self-signed certificate). If, however, I run this command:

func start --enableAuth --cert mycert.pfx --password thepassword.txt

I get this result:

Azure Functions Core Tools Core Tools Version: 4.0.5530 Commit hash: N/A +c8883e7f3c06e2b424fbac033806c19d8d91418c (64-bit) Function Runtime Version: 4.28.5.21962

The system cannot find the file specified.

This happens whether I use the actual password in the --password argument or whether the argument provides a filename.

godefroi avatar Mar 19 '24 21:03 godefroi

It looks like the .pfx file must be relative to where the host is running from. In the case of a C# function running on Windows during development (i.e. from func start on the command line), that is likely to be in the bin directory of wherever your project is. Adding this to the .csproj file solved the problem for me:

  <ItemGroup>
    <None Update="mycert.pfx">
      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
      <CopyToPublishDirectory>Never</CopyToPublishDirectory>
    </None>
  </ItemGroup>

godefroi avatar Mar 19 '24 21:03 godefroi

When you say "The root of the path passed to --cert is the path passed to --script-root", what do you mean?

I can see how the wording is confusing.

--cert seems to be relative to --script-root. I'd expect it to be relative to where func start is run (this is how --script-root works).

pellebjerkestrand avatar Mar 22 '24 15:03 pellebjerkestrand