ASP.NET Core has a very useful dev-certs utility capable of producing self-signed certificates for local HTTPS development work.
This works for the most part, but as soon as you start wanting to do local development of a native app, iOS refuses to trust the certificate, or indeed, to even let you tell it to trust it.
You can see this issue for some more context.
This is what worked for me; I make no guarantees as to its efficiency or ongoing efficacy.
Most of the steps here I found here and here; I've recreated the barebones instructions here for brevity and to retain the knowledge.
IMPORTANT: Be sure to use a password for the certificates for security, and keep them somewhere safe. The command line will prompt you for passwords when needed.
openssl genrsa -des3 -out rootCA.key 4096
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt
openssl genrsa -out localhost.key 2048
openssl req -new -key localhost.key -out localhost.csr
This will prompt you for some details. Feel free to leave them blank except for the fully qualified domain name; be sure to set that to localhost.
Create a v3.ext file as follows:
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
openssl x509 -req -in localhost.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out localhost.crt -days 500 -sha256 -extfile v3.ext
openssl pkcs12 -export -out localhost.pfx -inkey localhost.key -in localhost.crt
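Before importing anything, it is worth confirming that localhost.crt came out the way the steps above intend. The following check is an added example, not part of the original post; the function name check_dev_cert is made up for illustration, and it assumes the file names used above:

```bash
#!/usr/bin/env bash
# Added example: sanity-check the leaf certificate produced by the steps above.
# Usage: ./check.sh rootCA.crt localhost.crt localhost.key [hostname]

check_dev_cert() {
    local ca leaf key host text
    ca="$1"; leaf="$2"; key="$3"; host="${4:-localhost}"

    # 1. The leaf must chain to the root CA that will be trusted on the device.
    openssl verify -CAfile "$ca" "$leaf" >/dev/null 2>&1 \
        || { echo "FAIL: $leaf does not verify against $ca"; return 1; }

    text=$(openssl x509 -in "$leaf" -noout -text) || return 1

    # 2. The hostname must appear in subjectAltName (the [alt_names] entry in
    #    v3.ext); a certificate signed without -extfile will fail here.
    printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' \
        | grep -Eq "DNS:${host}(,|[[:space:]]*\$)" \
        || { echo "FAIL: no DNS:$host entry in subjectAltName"; return 1; }

    # 3. The leaf must not be usable as a CA (basicConstraints=CA:FALSE).
    printf '%s\n' "$text" | grep -q 'CA:FALSE' \
        || { echo "FAIL: $leaf is not marked CA:FALSE"; return 1; }

    # 4. The private key that goes into the .pfx must match the certificate.
    if [ "$(openssl x509 -in "$leaf" -noout -pubkey | openssl sha256)" != \
         "$(openssl pkey -in "$key" -pubout | openssl sha256)" ]; then
        echo "FAIL: $key does not match $leaf"; return 1
    fi

    echo "OK: $leaf is valid for $host and chains to $ca"
}

# Run the check when the script is invoked with file arguments.
if [ "$#" -ge 3 ]; then
    check_dev_cert "$@"
fi
```

A failure at step 2 usually means the signing command was run without `-extfile v3.ext`, so the certificate carries no subjectAltName.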
Just import the root CA certificate and the localhost certificate as you would usually, and be sure to tweak their trust settings to "always trust" if need be.
I also imported the pfx for good measure, though I'm not sure if this is necessary.
Using the Apple Configurator app, do the following:
- Create a new profile and name it
- Add the CA and localhost certificate in the certs section
- Sign the profile (File > Sign)
- Save the profile
You can drag and drop the profile file into the simulator, or e-mail / AirDrop it to a test device.
Go into About > Certificate Trust Settings and trust the "localhost" certificate.
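In your Startup.cs, configure it as follows:
// Requires: using System.Security.Cryptography.X509Certificates;
WebHost.CreateDefaultBuilder(args)
    .UseStartup<Startup>()
    .UseKestrel(options =>
    {
        options.ConfigureHttpsDefaults(httpsOptions =>
        {
            // Clear any selector so the explicit certificate below is used.
            httpsOptions.ServerCertificateSelector = null;
            // Development only: read the password from configuration or user
            // secrets rather than committing it to source control.
            httpsOptions.ServerCertificate = new X509Certificate2("/path/to/pfx", "password for pfx");
        });
    })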
With these steps followed you should now be able to browse the https endpoints locally and on-device 👍