Instructions for trusting dev-cert in WSL still result in "certificate is not trusted" warning

[glen-84]

trafficstars

I have followed the instructions:

• Trust HTTPS certificate from Windows Subsystem for Linux
• Ubuntu trust the certificate for service-to-service communication

And I still get:

The ASP.NET Core developer certificate is not trusted. For information about trusting the ASP.NET Core developer certificate, see ...

... when I run the application in WSL.

What am I missing? This should work with the default paths used by Kestrel, right?

(Windows 11, WSL with Debian, dotnet 7, OpenSSL 1.1.1n, etc.)

---

Document details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

• ID: c7ddfb2f-5dea-5e31-2a27-02a4dc16104c
• Version Independent ID: 12ca0b9a-2638-a4ce-c45f-d4579c83dafb
• Content: Enforce HTTPS in ASP.NET Core
• Content Source: aspnetcore/security/enforcing-ssl.md
• Product: aspnet-core
• Technology: aspnetcore-security
• GitHub Login: @Rick-Anderson
• Microsoft Alias: riande

[Rick-Anderson]

dotnet dev-certs https --clean dotnet dev-certs https --trust

[glen-84]

--trust doesn't work on Linux.

[Plusce]

I have the same problem. I installed WSL with Ubuntu 20.04, .NET 7.0.100, also I use Rider IDE.

I tried these steps:

• Trust HTTPS certificate from Windows Subsystem for Linux
• Ubuntu trust the certificate for service-to-service communication
• OpenSSL configuration

When I run project from Windows terminal, certificate is applied correctly. From WSL Ubuntu terminal it always looks like this:

dotnet run service --project Gymmer.Service Building... info: Gymmer.Service[0] Executing migrations. info: Gymmer.Service[0] Executing seeding. > warn: Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer[8] > The ASP.NET Core developer certificate is not trusted. For information about trusting the ASP.NET Core developer certificate, see https://aka.ms/aspnet/https-trust-dev-cert.

@Rick-Anderson unfortunately, these commands won't help:

dotnet dev-certs https --clean dotnet dev-certs https --trust

[Rick-Anderson]

@glen-84 @Plusce Partial instructions here

[glen-84]

@Rick-Anderson

You seem to have linked to a random comment in that issue.

I tried:

• dotnet dev-certs https -ep localhost.crt --format PEM
• sudo cp localhost.crt /usr/lib/ssl/certs/aspnetcore-https-localhost.pem

... but I still get the warning.

I've posted a comment in the linked issue.

[mrtabaa]

The same issue. Any solution found so far?

[StephenRobin]

I noticed this today. It appears that Microsoft.AspNetCore.Certificates.Generation.UnixCertificateManager has

public override bool IsTrusted(X509Certificate2 certificate) => false;

which causes this warning to be always logged by Kestrel, even when the root certificate is trusted.

[Serge-N]

If you still face this issue : try some ideas from here.