Kestrel HTTPS instructions are incomplete

[01binary]

Summary

• Kestrel configuration snippet that refers to appsettings.json should specify that appsettings.json should be edited Config model dropped from 2.0
• Steps for exporting certificate using openssl should mention that sudo elevation is required due to "unable to write random state" error
• Configuration snippets, file names, and the whole topic should be checked for missing info. Kestrel config might not be properly loaded from appsettings.json or perhaps additional Kestrel config is required.

Topic:
https://docs.microsoft.com/en-us/aspnet/core/security/https

I followed the instructions for Mac/Linux and got "Site can't be reached page". My starting point was this tutorial:

https://docs.microsoft.com/en-us/aspnet/core/tutorials/first-mvc-app-xplat/start-mvc

Beginning from the app created in that tutorial, I edited appsettings.json to add a top-level Kestrel key. I am guessing I had to edit appsettings.json because the topic didn't mention which file to edit.

"Kestrel": {
    "Endpoints": {
      "LocalhostHttps": {
        "Address": "127.0.0.1",
        "Port": "43434",
        "Certificate": "HTTPS"
      }
    }
  }

Then I followed the steps to export public (.cer) and private (.key) keys with the first "openssl" command and place them both into a personal certificate (.pfx). Those steps failed to mention that you get "unable to write random state" error unless you sudo both of them to elevate to admin context. I also added the cert to my keychain and trusted it as the topic directs.

Then I edited appsettings.Development.json:

"Certificates": {
    "HTTPS": {
      "Source": "Store",
      "StoreLocation": "CurrentUser",
      "StoreName": "My",
      "Subject": "CN=localhost",
      "AllowInvalid": true
    }
  }

I set Certificates:HTTPS:Password to the password used for the cert.

After this, I followed the steps here to force Kestrel to redirect all HTTP requests to HTTPS and disable HTTP:

https://docs.microsoft.com/en-us/aspnet/core/security/enforcing-ssl

Lastly, both dotnet run and starting using the debugger displayed the connection refused error:

This site can’t be reached
localhost refused to connect.
ERR_CONNECTION_REFUSED

The output was:

Hosting environment: Development
Content root path: /Users/user/Desktop/MvcMovie
Launching browser (open http://localhost:5000)
Now listening on: http://localhost:5000
Application started. Press Ctrl+C to shut down.

Please check for missing information and update the topic for Mac/Linux users.

Note: I have an older Core project that configures Kestrel in Main:

public static readonly string Settings = "Properties/appsettings.json";

public static void Main(string[] args)
{
    var config = new ConfigurationBuilder()
        .SetBasePath(Directory.GetCurrentDirectory())
        .AddCommandLine(args)
        .AddEnvironmentVariables(prefix: "ASPNETCORE_")
        .AddJsonFile(Settings, optional: false)
        .Build();

    var host = new WebHostBuilder()
        .UseConfiguration(config)
        .UseKestrel(options =>
        {
            options.UseHttps(config["cert"], config["password"]);
            options.UseConnectionLogging();
        })
        .UseUrls(config["url"])
        .UseContentRoot(Directory.GetCurrentDirectory())
        .UseWebRoot(Path.Combine(Directory.GetCurrentDirectory(), config["webroot"]))
        .UseStartup<Startup>()
        .Build();

    host.Run();
}

... and this works.

[danroth27]

The config model for setting up HTTPS in Kestrel was removed from 2.0. The content has been removed, so I think we can close this one.