I’ve got an ASP.NET service that I want to run on localhost on each machine. Is it safe to create the certificate with dotnet dev-certs https --trust, or should I use another method?
2 Answers
I also use this certificate and it works great.
Yes it is safe, and recommended for development sites. The --trust option is documented as:
So if you use it then it will take that certificate and pin it as trusted on this machine (it does not help for other machines).
This means that you can connect to the development site without insecurely ignoring certificate validation.
Do not use this in a production scenario where you are connecting multiple machines to a single server. This command only works on a single machine, so it’s difficult to manage. It’s much, much better to buy a certificate from a public CA or use a private CA to issue one.