Hello everyone, how have you been?
There are several articles and videos on the internet that praise Void Linux for its stability while being kept as a rolling release distribution. I've been a Void Linux user for quite some time now (except for some hiatus where I was using OpenSuSE for... reasons), and still, I have never done any development that required SSL certificates to be held at the API level while using Void Linux. Most of the APIs I develop are HTTP-only, as they usually sit behind a Web Application Firewall (WAF), ingress controller (Kubernetes anyone?) or any other sort of API Gateway doing the SSL termination.
While Microsoft provides some sparse documentation on how to enable development certificates on some more prominent Linux distros, others on more niche distributions are left out. I don't blame them much, as the open-source nature of Linux helps to complicate things more than needed.
If you try to run the regular dotnet dev-certs https --trust, nothing much will happen if you use Void instead of something like Ubuntu, so here I am to help you out.
Getting hands dirty:
First thing you need to do is to have your distribution's openssl and ca-certificates package installed, and then check where your distribution keeps its SSL certificates. In case of Void Linux, they are located on /etc/ssl/certs, while the root certificates (if you installed CA-Certificates are located on /usr/share/ca-certificates/mozilla/
If you have tried to generate a Development certificate before using the dotnet dev-certs tool, you need to clean them by issuing these commands in your terminal:
$ dotnet dev-certs https --clean
# Optional: if you'd like to really clean ASP.NET's Certificates,
# issue the command below:
$ rm -rf "$HOME/.aspnet/dev-certs/trust/*" # this is the usual location for user certificates
Afterwards, issue these commands to generate a development certificate, and register it correctly with OpenSSL:
# Generates a certificate and places it on the default
# ASP.NET's dev-certs
$ dotnet dev-certs https -ep "$HOME/.aspnet/dev-certs/trust/dev-cert.pem" -np --format PEM --trust
# If you'd like to provide a password, then the
# command is a bit different:
$ dotnet dev-certs https -ep "$HOME/.aspnet/dev-certs/trust/dev-cert.pem" -p "MyPassword123" --format PEM --trust
# Then, you need to link this certificate to the
# OpenSSL certificates folder:
$ sudo ln -s "$HOME/.aspnet/dev-certs/trust/dev-cert.pem" /etc/ssl/certs
# Afterwards, you need to set up an environment variable
# to help the .NET runtime find your certificate.
# You can place this line below in your .profile, .bash_profile,
# or any other file, as long as it is read when you
# initialise your system:
export SSL_CERT_DIR="$HOME/.aspnet/dev-certs/trust:/etc/ssl/certs"
# Then, you need to ask OpenSSL to rehash the certificate store:
$ sudo openssl rehash "$HOME/.aspnet/dev-certs/trust"
# You also need to "source" your .profile again, by using
# source, reopening your terminal or restarting your PC
# (in my case, I'm using .bash_profile):
$ source ~/.bash_profile
# Last, you can check if dotnet is trusting your certificate:
$ dotnet dev-certs https --check --trust --verbose
... and you're done. Profit!
Final thoughts:
This is all fine for a one-time setup, until your development certificate expires and you need to redo all steps. For the few of you who are .NET developers and use Void Linux daily, you can also check out this Gist here, where I put these commands together with ChatGPT's help, while including some additional checks for repeated usage. You can download it, make it executable with chmod +x dotnet-cert-trust-void-linux.sh and run it with sudo.
Thank you for reading, and see you next time!
Top comments (0)