A Step-by-Step Guide to Unlocking HTTPS Magic with Kestrel and mkcert in .NET

Securing your web application with HTTPS isn’t just a good practice - it’s essential for protecting data and ensuring user trust. When developing .NET applications with Kestrel, you can easily set up HTTPS using mkcert, a lightweight tool for creating locally trusted certificates. Let’s dive into the process and sprinkle some HTTPS magic over your development environment.


What You’ll Need

Before we start, make sure you have the following:

  1. .NET SDK installed on your machine.

  2. mkcert installed. Grab it from mkcert's GitHub page.

  3. OpenSSL (optional, but handy for advanced certificate management).


Step 1: Enlist mkcert as Your Local CA Wizard

  1. Install the local Certificate Authority (CA) using mkcert:

    mkcert -install

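    This sets up a local CA in your system’s trust store, allowing mkcert to create certificates trusted by your machine. The CA's private key (rootCA-key.pem, in the directory printed by mkcert -CAROOT) can sign a certificate for any site that your machine will then trust, so never share or commit it.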

  2. Confirm the installation:

    mkcert --version

    If you see the version number, you’re all set to proceed.


Step 2: Forge a Certificate for Localhost

  1. Create a development certificate for your local environment:

    mkcert localhost

    This generates two files:

    • localhost.pem (the certificate)

    • localhost-key.pem (the private key)

  2. Move and rename these files for better organization (optional):

    mkdir -p certs
    mv localhost.pem certs/localhost.crt
    mv localhost-key.pem certs/localhost.key

    Tip: Keep your certificates in a secure folder, preferably excluded from version control. The private key (certs/localhost.key) in particular should never be committed.


Step 3: Weave the Certificate into Kestrel’s Configuration

  1. Modify your appsettings.json file to reference the certificate:

    {
      "Kestrel": {
        "Endpoints": {
          "Https": {
            "Url": "https://localhost:5001",
            "Certificate": {
              "Path": "certs/localhost.crt",
              "KeyPath": "certs/localhost.key"
            }
          }
        }
      }
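    }

  2. Update your Program.cs file to apply the configuration:

    using System.Security.Cryptography.X509Certificates;

    var builder = WebApplication.CreateBuilder(args);

    // Load the PEM certificate and its private key once at startup. The two-argument
    // X509Certificate2 constructor takes (file, password), so it cannot read a key file.
    using var pem = X509Certificate2.CreateFromPemFile("certs/localhost.crt", "certs/localhost.key");
    // Re-import as PKCS#12 so the key is also usable by Schannel on Windows.
    var certificate = new X509Certificate2(pem.Export(X509ContentType.Pkcs12));

    builder.WebHost.ConfigureKestrel(options =>
    {
        options.ConfigureHttpsDefaults(httpsOptions =>
        {
            // Serve the same certificate instance on every connection.
            httpsOptions.ServerCertificateSelector = (context, name) => certificate;
        });
    });

    var app = builder.Build();
    app.MapGet("/", () => "Hello, HTTPS World!");
    app.Run();


Step 4: Test the HTTPS Enchantment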

  1. Run your application:

    dotnet run

  2. Open your browser and visit https://localhost:5001. Your app should now load securely without any certificate warnings.


Troubleshooting Common Pitfalls

  1. Certificate Trust Issues: Double-check that you ran mkcert -install to add the local CA.

  2. Port Conflicts: Adjust the port in appsettings.json or terminate other apps using the same port.

  3. File Path Errors: Ensure the paths to the certificate and key files are accurate and accessible.
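
A preflight script for the file path pitfall, extended to three related failures that produce similar startup or browser errors: a key that does not belong to the certificate, a certificate that does not cover the host in the Kestrel Url, and an expired certificate. This is an added example, not part of the original guide; the function name check_dev_cert is hypothetical, and it assumes the openssl command-line tool from the prerequisites is installed.

```shell
#!/bin/sh
# Preflight check for the mkcert certificate/key pair that Kestrel is configured to use.
# Usage: sh check_dev_cert.sh certs/localhost.crt certs/localhost.key localhost
check_dev_cert() {
    cert=$1 key=$2 host=${3:-localhost} rc=0

    # File path errors: both files must exist and be readable.
    for f in "$cert" "$key"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f" >&2; return 2; }
    done

    # The private key should be accessible to its owner only (warning, not a failure).
    case $(ls -l "$key" | cut -c5-10) in
        ------) ;;
        *) echo "WARN: $key is accessible to group/other; consider chmod 600" >&2 ;;
    esac

    # The certificate and the key must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert" >&2; rc=1
    fi

    # The certificate must name the host used in the Kestrel Url.
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
            grep -q 'does match'; then
        echo "FAIL: $cert is not valid for $host" >&2; rc=1
    fi

    # The certificate must not be expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $cert has expired" >&2; rc=1
    fi

    return $rc
}

# Run the check only when arguments are supplied on the command line.
[ "$#" -eq 0 ] || check_dev_cert "$@"
```

The function returns 0 when every check passes, 1 when the pair is unusable for the host, and 2 when a file cannot be read.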


Wrapping Up

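By following this guide, you’ve equipped your .NET development environment with HTTPS - a crucial layer of security. Whether you’re developing locally or preparing for deployment, this setup ensures your application is on a solid and secure foundation. Keep in mind that an mkcert certificate is trusted only on machines where its local CA is installed, so a deployed application needs a certificate from a publicly trusted CA.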

If you run into any snags or have questions, feel free to ask. Happy coding, and may your development journey be secure and smooth!


What Should We Cover Next?

Is there a topic you'd like us to dive into? Share your suggestions in the comments, and let us know what challenges or technologies you’d like to see explored!
