c# .net ssl openssl ssl-certificate

.NET 8 | Kestrel: ERR_CERT_COMMON_NAME_INVALID when generating a self-signed SSL certificate for my local IP


I'm trying to generate a self-signed SSL certificate from this .cnf file:

[req]
default_bits  = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req
prompt = no

[req_distinguished_name]
countryName = BR
stateOrProvinceName = SC
localityName = PB
organizationName = MyCompany
CN = 20.14.3.12 # My local IPv4

[req_ext]
subjectAltName = @alt_names

[v3_req]
subjectAltName = @alt_names

[alt_names]
IP.1 = 20.14.3.12 # My local IPv4

To create the .key and .crt file, I'm using openssl:

openssl req -x509 -days 36500 -newkey rsa:2048 -keyout key.key -out cert.crt -config san.cnf

I'm also adding the .crt file in the Microsoft Management Console, in the Root Certification Authorities folder.

In my .NET 8 code, I'm adding the following Kestrel tag in appsettings.json:

"Kestrel": {
  "Endpoints": {
    "HttpsInlineCertAndKeyFile": {
      "Url": "https://20.14.3.12:7142",
      "Certificate": {
        "Path": "./Utils/Certificates/cert.crt", // the path is correct
        "KeyPath": "./Utils/Certificates/key.key",
        "Password": "mypassword"
      }
    }
  }
}

My application listens on https://20.14.3.12:7142, and when I try to open Swagger, for example, I see the error:

NET::ERR_CERT_COMMON_NAME_INVALID

PS: I've tested it using localhost instead of my IP and all works fine; the only change that I made was to change IP.1 in the .cnf file to DNS.1.


Solution

  • My problem was that my IPv4 address was changing every time that I generated a new certificate (I don't know why). But the code is right!
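
A check for the cause named in the solution, added here as an example and not part of the original post: it compares the host in the Kestrel `Url` with the certificate's subjectAltName using `openssl x509 -checkip`, and goes slightly beyond the post by also handling DNS hosts such as localhost with `-checkhost`. The function names and the trimmed san.cnf are assumptions; an `openssl` CLI on PATH is assumed.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes the openssl CLI is on PATH.

# url_host URL: print the host part of a URL such as https://20.14.3.12:7142
# (IPv4 addresses and DNS names only; bracketed IPv6 is not handled).
url_host() {
    printf '%s\n' "$1" | sed -E 's#^[a-z]+://##; s#[:/].*$##'
}

# make_ip_cert IP DIR: write DIR/cert.crt and DIR/key.key, self-signed, with
# a single SAN entry IP:<IP>. Trimmed from the san.cnf in the question;
# -nodes leaves the test key unencrypted so nothing prompts.
make_ip_cert() {
    cat > "$2/san.cnf" <<EOF
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
CN = $1
[v3_req]
subjectAltName = @alt_names
[alt_names]
IP.1 = $1
EOF
    openssl req -x509 -days 30 -newkey rsa:2048 -nodes \
        -keyout "$2/key.key" -out "$2/cert.crt" -config "$2/san.cnf" 2>/dev/null
}

# cert_covers_url CERT URL: exit 0 only if CERT is valid for the URL's host.
# An IP host must appear as an IP entry in subjectAltName (a CN is not enough).
cert_covers_url() {
    host=$(url_host "$2")
    case "$host" in
        *[!0-9.]*) opt=-checkhost ;;   # DNS name such as localhost
        *)         opt=-checkip ;;     # IPv4 literal
    esac
    openssl x509 -in "$1" -noout "$opt" "$host" | grep -q 'does match certificate'
}

# Usage: sh check.sh cert.crt https://20.14.3.12:7142
if [ "$#" -eq 2 ]; then
    if cert_covers_url "$1" "$2"; then
        echo "OK: certificate covers $(url_host "$2")"
    else
        echo "MISMATCH: regenerate the certificate for $(url_host "$2")"
    fi
fi
```

Running it against cert.crt and the `Url` value before starting the application shows whether the machine's address has moved away from the one baked into the certificate.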