SSL and core

As I inch toward, working a working deployed app ( core WebApi + IdentityServer + Angular2), another hurdle: SSL.  I have a certificate on the server, but what about the development machine.  When using IIS express in VS, this seems to magically work, but how to get this to work directly from Kestrel?

As has often been the case for me (mostly via pluralsight), Shawn Wildermuth to the rescue.  He describes the setup, including self-signed certificates here.  I saved this process out as a powershell script:

$exe = “C:\Program Files (x86)\Windows Kits\10\bin\x64\”;
cd $exe;
$filename = “e:\myCertName”;
$cmd1 = “.\makecert.exe -sv ” + $filename + “.pvk -n “”CN=myOrganization”” ” + $filename + “.cer -r”;
iex $cmd1;
$password = “myPassword”;
$cmd2 = “.\pvk2pfx.exe -pvk ” + $filename + “.pvk -spc ” + $filename + “.cer -pfx ” + $filename + “.pfx -pi ” + $password;
iex $cmd2;


But, now when I deploy, I do not want to use this certificate – I want the formal server certificate.  I had to therefore use a conditional debug block in the program.cs.  There is likely a better way.



            var host = new WebHostBuilder()
new X509Certificate2(“myCertName.pfx”, “myPassword”)))


Then setting the application to accept SSL was relatively straight forward in IIS.  Under advanced settings, accepting either HTTP or HTTPS works.  The “SSL Settings” link in the main IIS panel, does not need to be changed – no need to check require SSL (this will break re-routing if it is checked).

Then, in the URL rewrite tab, reroute from HTTP to HTTPS as described here.

The web.config will appear as follows. If you use the forms to complete this on the server, then copy the resulting settings into the web config in Visual Studio, or all your settings will be over-written on publish.


        <rule name="Http to https" stopProcessing="true">
          <match url="(.*)" />
            <add input="{HTTPS}" pattern="off" />
          <action type="Redirect" url="{REQUEST_URI}"
                 redirectType="Found" />









This entry was posted in Uncategorized. Bookmark the permalink.