Question Unix LocalMachine X509Store is limited to the Root and CertificateAuthority stores

Mbuso Kotobe

I have a .NET Core Web API deployed in a VM running Linux Ubuntu 22.0, and I am encountering the error below when running the application.



Here's the full exception message:
```
System.Security.Cryptography.CryptographicException: Unix LocalMachine X509Store is limited to the Root and CertificateAuthority stores.
---> System.PlatformNotSupportedException: Unix LocalMachine X509Store is limited to the Root and CertificateAuthority stores.
--- End of inner exception stack trace ---
at Internal.Cryptography.Pal.StorePal.FromSystemStore(String storeName, StoreLocation storeLocation, OpenFlags openFlags)
at System.Security.Cryptography.X509Certificates.X509Store.Open(OpenFlags flags).
at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware.<LocateCertificateWithPrivateKey>g__OpenStore|18_0(StoreLocation storeLocation)
```
This exception is thrown once I start to explicitly tell .NET where to find the certificates and use them. I just don't know why it still goes through the store to search for a certificate when I provided one explicitly.

Here's the config code:

```
builder.WebHost.ConfigureKestrel((context, options) =>
{
    var certificateFile = "/etc/letsencrypt/live/mylivedomain/fullchain.pem";
    var privateKeyFile = "/etc/letsencrypt/live/mylivedomain/privkey.pem";

    options.ListenAnyIP(443, listenOptions =>
    {
        listenOptions.UseHttps(certificateFile, privateKeyFile, httpsOptions =>
        {
            httpsOptions.SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13;
            // Additional HTTPS options can be configured here
        });
    });
});
```

I also tried this:

```
builder.WebHost.ConfigureKestrel((context, options) =>
{
    var certificateFile = "/etc/letsencrypt/live/mylivedomain/fullchain.pem";
    var privateKeyFile = "/etc/letsencrypt/live/mylivedomain/privkey.pem";
    var certificate = new X509Certificate2(certificateFile, privateKeyFile);

    options.ListenAnyIP(443, listenOptions =>
    {
        listenOptions.UseHttps(certificate, httpsOptions =>
        {
            httpsOptions.SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13;
            // Additional HTTPS options can be configured here
        });
    });
});
```

I get the same exception. Even when the IP is set to 5001 it still does the same thing.

When the config code is completely removed, the app uses the development certificate.

Does anyone have a working solution to the problem?

Sorry about the bad format, the code block button is not working on this thread. I don't know why.
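
Added example, not part of the original post: the `LocateCertificateWithPrivateKey` frame in the stack trace is the path Kestrel takes when the certificate it was handed has no private key, and in both snippets above the second string argument is a PFX password parameter rather than a key file path, so only the public certificate from `fullchain.pem` is loaded. One way to load the PEM pair with its key and fail fast if the key is missing, assuming .NET 6 or later, the Web SDK's implicit usings, and the poster's Let's Encrypt paths:

```csharp
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

var builder = WebApplication.CreateBuilder(args);

builder.WebHost.ConfigureKestrel((context, options) =>
{
    // Paths taken from the post; "mylivedomain" is the poster's placeholder.
    // The account running the app must be able to read privkey.pem.
    var certificateFile = "/etc/letsencrypt/live/mylivedomain/fullchain.pem";
    var privateKeyFile = "/etc/letsencrypt/live/mylivedomain/privkey.pem";

    // Loads the first CERTIFICATE block from the first file and attaches
    // the private key found in the second file.
    var certificate = X509Certificate2.CreateFromPemFile(certificateFile, privateKeyFile);

    // Stop at startup with a clear message instead of letting Kestrel
    // fall back to searching the certificate stores for a matching key.
    if (!certificate.HasPrivateKey)
    {
        throw new InvalidOperationException(
            $"No private key was loaded for {certificate.Subject}; check {privateKeyFile}.");
    }

    // fullchain.pem also carries the intermediate certificates; import them
    // so they are sent to clients during the TLS handshake.
    var chain = new X509Certificate2Collection();
    chain.ImportFromPemFile(certificateFile);

    options.ListenAnyIP(443, listenOptions =>
    {
        listenOptions.UseHttps(certificate, httpsOptions =>
        {
            // ServerCertificateChain is available in ASP.NET Core 6.0 and later.
            httpsOptions.ServerCertificateChain = chain;
            httpsOptions.SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13;
        });
    });
});

var app = builder.Build();
app.MapGet("/", () => "ok"); // placeholder endpoint for the example
app.Run();
```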
 