I created a rest api project and I'm tring to access the https endpoint using curl like this:
$ dotnet new angular
$ curl -I -X GET 'https://localhost:5001/api/SampleData/WeatherForecasts'
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
I googled around and these are the steps I took to extract the certificate from dotnet and add it to my repository of trusted CA certificates:
This is what I tried to do to add the certificate
# export netcore development certificate
$ dotnet dev-certs https -ep ~/tmp/localhost.pfx -p somepassword
# convert it to crt
$ openssl pkcs12 -in ~/tmp/localhost.pfx -clcerts -nokeys -out ~/tmp/localhost.crt
# copy to a folder in /usr/local/share/ca-certificates/
$ cd /usr/local/share/ca-certificates/
$ sudo mkdir dotnet_devel
$ sudo chmod -R 755 dotnet_devel
$ mkdir dotnet_devel
$ cd dotnet_devel
$ sudo cp ~/tmp/localhost.crt .
$ sudo chmod -R 644 localhost.crt
# update CA trusted certificates repository
$ sudo update-ca-certificates
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
Adding debian:localhost.pem
done.
done.
I also tried setting the CURL_CA_BUNDLE env var like this:
$ export CURL_CA_BUNDLE=/usr/local/share/ca-certificates/dotnet_devel/localhost.crt
I keep getting the same curl error, more over, firefox and chrome tells me the connection is not secure
Additional info:
$ dotnet --info
.NET Core SDK (reflecting any global.json):
Version: 2.2.203
Commit: e5bab63eca
Runtime Environment:
OS Name: ubuntu
OS Version: 18.04
OS Platform: Linux
RID: ubuntu.18.04-x64
$ curl --version
curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.0g zlib/1.2.11 libidn2/2.0.4 libpsl/0.19.1 (+libidn2/2.0.4) nghttp2/1.30.0 librtmp/2.3
Release-Date: 2018-01-24
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
References:
https://askubuntu.com/questions/645818/how-to-install-certificates-for-command-line/649463#649463
https://github.com/aspnet/AspNetCore/issues/7246#issue-406461992
You don't show the output of
openssl validate localhost.crtbut I think you might be affected by this issue: https://github.com/openssl/openssl/issues/1418. I have worked around the issue by manually creating a cert instead: https://stackoverflow.com/a/59702094/3167480.