We are currently transitioning an old Web Forms app in VB.Net running on .NET Framework 4.8 to use a new .NET 6 API before we replace the Web Forms app with a modern JS front end. We are replacing repository calls with calls to our new API using HttpClient to accomplish this. We are using the NuGet version of HttpClient, not the .NET Framework version. The Web Forms app is running in IIS hosted on the dev machine and the API is running using Kestrel also on the dev machine.
The cert is issued for localhost and both applications are being served on localhost on different ports.
Unfortunately, when running on a dev machine using a self-signed dev cert, we get the following exception when calling PostAsync() or PutAsync():
System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
I have searched and tried just about every answer posted to similar questions and tried most of the answers given in those cases. This includes adding the cert to the RCA/ICA, and regenerating the dev cert using
dotnet dev-certs https --clean
dotnet dev-certs https
dotnet dev-certs https --trust
I have even switched IIS to using the dev cert for SSL in case that somehow was the problem.
The only solution I haven't tried, as it's more of a hack and less of a solution, is to bypass the entire certificate verification process. That is not a viable long-term solution.
The Web Forms app can successfully call various Azure APIs including Key Vault and Azure Files, so HttpClient in itself is not an issue. The API can be reached from Firefox/Chrome/Edge without any issues.
Any ideas beyond what I have tried and what I am unwilling to do?
Found the issue.
dotnet dev-certs https --create makes the dev cert in the Certificates - Current User (certmgr.msc) store. .NET Framework looks for the cert in the Certificates - Local Computer (certlm.msc) store.
Copying the created dev cert to the Local Computer store in the Personal -> Certificates and the Trusted Root Certification Authorities -> Certificates folders fixed the issue. Strictly speaking, I don't know if it needs to be the Personal folder or just the TRCA folder, but I put it in both places just to be sure.
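The store copy described in the answer above, as an added PowerShell example that is not part of the original post: it reports which stores hold the localhost dev cert, then imports only the public certificate into the Local Computer Trusted Root store and verifies the result. It assumes an elevated session, that the dev cert carries the ASP.NET Core dev-cert extension OID used in the filter, and that the trust anchor alone is sufficient (the answer did not determine whether the Personal copy is needed); the temp file name is hypothetical.

```powershell
# Added example; run from an elevated PowerShell session on the dev machine.
#Requires -RunAsAdministrator
$devCertOid = '1.3.6.1.4.1.311.84.1.1'   # assumption: extension OID marking the ASP.NET Core HTTPS dev cert

function Get-DevCert {
    param([string]$StorePath)
    # Match only unexpired localhost certs that carry the dev-cert marker extension.
    Get-ChildItem -Path $StorePath |
        Where-Object {
            $_.Subject -eq 'CN=localhost' -and
            $_.NotAfter -gt (Get-Date) -and
            ($_.Extensions | Where-Object { $_.Oid.Value -eq $devCertOid })
        }
}

# 1. Report which stores currently hold the dev cert (empty column = not present).
$stores = 'Cert:\CurrentUser\My', 'Cert:\CurrentUser\Root',
          'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Root'
foreach ($s in $stores) {
    $found = @(Get-DevCert -StorePath $s)
    '{0,-24} {1}' -f $s, ($found.Thumbprint -join ', ')
}

# 2. Copy the public certificate into Local Computer\Trusted Root.
$cert = @(Get-DevCert -StorePath 'Cert:\CurrentUser\My')
if ($cert.Count -ne 1) {
    throw "Expected exactly one valid dev cert in CurrentUser\My, found $($cert.Count)."
}
$cerFile = Join-Path $env:TEMP 'aspnet-dev-cert.cer'   # hypothetical temp file name
Export-Certificate -Cert $cert[0] -FilePath $cerFile | Out-Null   # .cer holds no private key
Import-Certificate -FilePath $cerFile -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null
Remove-Item $cerFile

# 3. Confirm the same thumbprint is now in the machine root store.
$ok = Get-ChildItem 'Cert:\LocalMachine\Root' |
      Where-Object Thumbprint -eq $cert[0].Thumbprint
if (-not $ok) { throw 'Import did not land in LocalMachine\Root.' }
"Trusted machine-wide: $($cert[0].Thumbprint), expires $($cert[0].NotAfter)"
```

Every account and service on the machine trusts a certificate placed in LocalMachine\Root, so keep this to development machines and delete the old entry there whenever the dev cert is regenerated.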