
Configure ListenOptions.UseHttps with .pem file rather than .pfx in ASP.NET 6.0 app


I have an ASP.NET web app on Ubuntu 20.04, and I am using an SSL certificate in .pfx format, which works fine. However, I want to learn how to do the same with the .pem file.

I know it can be done in appsettings.json like this and through the HttpsFromPem key:

{
  "Kestrel": {
    "Endpoints": {
      "HttpsInlineCertAndKeyFile": {
        "Url": "https://localhost:5001",
        "Certificate": {
          "Path": "<path to .pem/.crt file>",
          "KeyPath": "<path to .key file>",
          "Password": "$CREDENTIAL_PLACEHOLDER$"
        }
      }
    }
  }
}

And I know how to use the .pfx format like so:

var httpsCert = Environment.GetEnvironmentVariable("HTTPS_CERT");
var httpsCertKey = Environment.GetEnvironmentVariable("HTTPS_CERT_KEY");

if (httpsCert != null && httpsCertKey != null)
{
    options.Listen(IPAddress.Loopback, 5001,
               listenOptions => listenOptions.UseHttps(httpsCert, httpsCertKey));
}

Source - https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/endpoints?view=aspnetcore-6.0

My question is: how do I configure Kestrel to read the cert from the .pem file in code?


Solution

  • You can just load it in using

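    // Requires: using System.Security.Cryptography.X509Certificates;
    var pemPath = "<path to .pem/.crt file>";    // read in from configuration
    var privateKeyPath = "<path to .key file>";  // read in from configuration
    var certificate = X509Certificate2.CreateFromPemFile(pemPath, privateKeyPath);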
    

    Then you can configure Kestrel with something like this when you're configuring Kestrel.

    public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
        .ConfigureWebHostDefaults(webBuilder =>
        {
            webBuilder.ConfigureKestrel(options =>
            {
                // Default certificate for every HTTPS endpoint Kestrel binds.
                options.ConfigureHttpsDefaults(adapterOptions =>
                {
                    adapterOptions.ServerCertificate = certificate;
                });
            });
        });
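
The question asks specifically about `ListenOptions.UseHttps`, so here is an added example (not code from the question or the answer) that passes a PEM-loaded certificate to a single endpoint in a .NET 6 minimal-hosting `Program.cs`. The environment variable names and the `LoadPemCertificate` helper are assumptions made for illustration; it also handles a password-protected key and validates the certificate at startup.

```csharp
using System.Net;
using System.Security.Cryptography.X509Certificates;

var builder = WebApplication.CreateBuilder(args);

// Hypothetical variable names; any configuration source works.
var certPath = Environment.GetEnvironmentVariable("HTTPS_CERT_PEM");
var keyPath = Environment.GetEnvironmentVariable("HTTPS_KEY_PEM");
var keyPassword = Environment.GetEnvironmentVariable("HTTPS_KEY_PASSWORD");

if (certPath != null && keyPath != null)
{
    var certificate = LoadPemCertificate(certPath, keyPath, keyPassword);
    builder.WebHost.ConfigureKestrel(options =>
        options.Listen(IPAddress.Loopback, 5001,
            listenOptions => listenOptions.UseHttps(certificate)));
}

var app = builder.Build();
app.MapGet("/", () => "ok");
app.Run();

// Hypothetical helper: loads the certificate and key from PEM files.
static X509Certificate2 LoadPemCertificate(string certPath, string keyPath, string? password)
{
    // An encrypted key (BEGIN ENCRYPTED PRIVATE KEY) needs the password overload.
    var cert = string.IsNullOrEmpty(password)
        ? X509Certificate2.CreateFromPemFile(certPath, keyPath)
        : X509Certificate2.CreateFromEncryptedPemFile(certPath, password, keyPath);

    // Fail at startup rather than at the first TLS handshake.
    if (!cert.HasPrivateKey)
        throw new InvalidOperationException($"No private key loaded for {certPath}.");
    if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
        throw new InvalidOperationException(
            $"Certificate is only valid from {cert.NotBefore:u} to {cert.NotAfter:u}.");

    // On Windows the PEM-loaded key is ephemeral and SChannel cannot use it;
    // a round trip through PKCS#12 yields a usable key. Not needed on Linux.
    if (OperatingSystem.IsWindows())
    {
        using var ephemeral = cert;
        return new X509Certificate2(ephemeral.Export(X509ContentType.Pkcs12));
    }
    return cert;
}
```

Keep the key file readable only by the account that runs the app, and prefer a secret store over a plain environment variable for the key password.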