asp.net, .net, certificate

Localhost certificate safety


I've got an ASP.NET service that I want to run on localhost on each machine. Is it safe to create the certificate with dotnet dev-certs https --trust, or should I use another method?


Solution

  • Yes, it is safe, and recommended for development sites. The --trust option is documented as:

    -t|--trust

    Trusts the certificate on the local machine.

    If this option isn't specified, the certificate is added to the certificate store but not to a trusted list.

    So if you use it then it will take that certificate and pin it as trusted on this machine (it does not help for other machines).

    This means that you can connect to the development site without insecurely ignoring certificate validation.

    Do not use this in a production scenario where you are connecting multiple machines to a single server. This command only works on a single machine, so it's difficult to manage. It's much, much better to buy a certificate from a public CA or use a private CA to issue one.
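
Added example (not part of the answer above, and not code from the .NET project): a small C# console program that checks whether this machine trusts the certificate a local service presents, while leaving certificate validation switched on. The URL https://localhost:5001/ is an assumption; pass your service's actual HTTPS address as the first argument.

```csharp
// Added example: probe a local HTTPS endpoint with normal certificate validation.
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

// Assumed address; replace with the HTTPS port your service listens on.
var url = args.Length > 0 ? args[0] : "https://localhost:5001/";

var handler = new HttpClientHandler
{
    // Observe the platform's verdict without overriding it: the callback
    // returns true only when validation found no errors, so an untrusted
    // certificate still fails the request. Returning true unconditionally
    // here is the "ignore certificate validation" anti-pattern.
    ServerCertificateCustomValidationCallback = (request, cert, chain, errors) =>
    {
        Console.WriteLine($"Subject:       {cert?.Subject}");
        Console.WriteLine($"Thumbprint:    {cert?.Thumbprint}");
        Console.WriteLine($"Policy errors: {errors}");
        if (chain is not null)
        {
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.WriteLine($"Chain status:  {status.Status} {status.StatusInformation.Trim()}");
        }
        return errors == SslPolicyErrors.None;
    }
};

using var client = new HttpClient(handler) { Timeout = TimeSpan.FromSeconds(5) };
try
{
    using HttpResponseMessage response = await client.GetAsync(url);
    Console.WriteLine($"TLS validation passed, HTTP {(int)response.StatusCode}");
    return 0;
}
catch (Exception ex) when (ex is HttpRequestException or TaskCanceledException)
{
    // On a machine where the certificate was never added to the trusted list,
    // the handshake is rejected and the request ends up here.
    Console.WriteLine($"Request failed: {ex.InnerException?.Message ?? ex.Message}");
    return 1;
}
```

Because trust is stored per machine, an exit code of 0 on one machine says nothing about any other machine that runs the service.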