@tebeco
Forked from ststeiger/ssl.cs
Created January 19, 2020 09:13
.NET Core SSL
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;
namespace TestApplication
{
/// <summary>
/// Entry point of the test application: builds the ASP.NET Core web host and runs it.
/// </summary>
public class Program
{
    /// <summary>
    /// Builds the web host from the command-line arguments and runs it.
    /// </summary>
    /// <param name="args">Command-line arguments, passed through to the host builder.</param>
    public static void Main(string[] args)
    {
        IWebHostBuilder hostBuilder = CreateWebHostBuilder(args);
        hostBuilder.Build().Run();
    }

    /// <summary>
    /// Creates the default web host builder and registers <c>Startup</c> as the startup class.
    /// </summary>
    /// <param name="args">Command-line arguments handed to <c>WebHost.CreateDefaultBuilder</c>.</param>
    /// <returns>The configured, not yet built, web host builder.</returns>
    public static IWebHostBuilder CreateWebHostBuilder(string[] args)
    {
        IWebHostBuilder hostBuilder = WebHost.CreateDefaultBuilder(args);

        // Disabled sample: explicit Kestrel HTTPS endpoint on port 5001 using a PFX file.
        // Review points before enabling it:
        //  - IPAddress.Any listens on every network interface, so the certificate is served
        //    to the whole network; IPAddress.Loopback is enough for local testing.
        //  - The PFX is opened with a null password, so file permissions are the only
        //    protection for its private key. Outside of local development, read the password
        //    from configuration or a secret store rather than from source.
        //  - The PFX name matches the development certificate listed in the notes below this
        //    class (presumably created by `dotnet dev-certs https`); do not reuse it for
        //    anything other than local development.
        //
        // hostBuilder.UseKestrel(options =>
        // {
        //     string password = null;
        //     options.Listen(System.Net.IPAddress.Any, 5001,
        //         listenOptions => { listenOptions.UseHttps("BB65DE78AD4E81B767245843CCA962526BA62C2D.pfx", password); });
        // });

        return hostBuilder.UseStartup<Startup>();
    }
}
}
// pacman -S yay
// pacman -S yaourt
// https://confluence.jetbrains.com/display/IDEADEV/Filesystem+Case-Sensitivity+Mismatch
// https://www.ostechnix.com/install-oracle-java-8-arch-linux/
// yay jdk
// pacman -S mono
// pacman -S dotnet-runtime
// pacman -S dotnet-sdk
// dotnet tool install --global dotnet-dev-certs
// export DOTNET_ROOT="/opt/dotnet"
// export PATH="$PATH:/root/.dotnet/tools"
// dotnet dev-certs https
// https://github.com/dotnet/dotnet-docker/blob/master/samples/aspnetapp/aspnetcore-docker-https.md
// Note: dotnet dev-certs https --trust is only supported on macOS and Windows.
// You need to trust certs on Linux in the way that is supported by your distro.
// It is likely that you need to trust the certificate in your browser.
// dotnet dev-certs https --trust
// locate .pfx | sed '/flatpak/d;'
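// /root/.dotnet/corefx/cryptography/x509stores/my/BB65DE78AD4E81B767245843CCA962526BA62C2D.pfx
// (This is the per-user certificate store; it is under /root only because the commands above were run as root. The file name is the certificate's thumbprint, and the file contains the private key.)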
// alternative:
// https://andrewlock.net/creating-and-trusting-a-self-signed-certificate-on-linux-for-use-in-kestrel-and-asp-net-core/
// openssl pkcs12 -in <filename.pfx> -cacerts -nokeys -chain | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > <cacerts.cer>
// "/root/.dotnet/corefx/cryptography/x509stores/my/BB65DE78AD4E81B767245843CCA962526BA62C2D.pfx"
// openssl pkcs12 -in "/root/.dotnet/corefx/cryptography/x509stores/my/BB65DE78AD4E81B767245843CCA962526BA62C2D.pfx" -cacerts -nokeys -chain | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > BB65DE78AD4E81B767245843CCA962526BA62C2D.cer
// openssl pkcs12 -in "/root/.dotnet/corefx/cryptography/x509stores/my/BB65DE78AD4E81B767245843CCA962526BA62C2D.pfx" -cacerts -nokeys -chain > BB65DE78AD4E81B767245843CCA962526BA62C2D.cer
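// NOTE: without -nokeys the next command also writes the private key into certificatename.pem (openssl asks for a PEM pass phrase to encrypt it); keep that file readable only by its owner and out of source control.
// openssl pkcs12 -in "/root/.dotnet/corefx/cryptography/x509stores/my/BB65DE78AD4E81B767245843CCA962526BA62C2D.pfx" -out certificatename.pem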
// openssl pkcs12 -in "/root/.dotnet/corefx/cryptography/x509stores/my/BB65DE78AD4E81B767245843CCA962526BA62C2D.pfx" -clcerts -nokeys -out certificate.cer
// openssl pkcs12 -in "/root/.dotnet/corefx/cryptography/x509stores/my/BB65DE78AD4E81B767245843CCA962526BA62C2D.pfx" -cacerts -nokeys -chain > BB65DE78AD4E81B767245843CCA962526BA62C2D.cer
// openssl pkcs12 -in "/root/.dotnet/corefx/cryptography/x509stores/my/BB65DE78AD4E81B767245843CCA962526BA62C2D.pfx" -out certificatename.pem
// openssl x509 -outform der -in certificatename.pem -out certificatename.cer
// openssl pkcs12 -in "/root/.dotnet/corefx/cryptography/x509stores/my/BB65DE78AD4E81B767245843CCA962526BA62C2D.pfx" -cacerts -nokeys -chain > cacerts.cer
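// With OpenSSL you can convert a .pfx to an Apache-compatible format with the following commands:
// openssl pkcs12 -in "/root/.dotnet/corefx/cryptography/x509stores/my/BB65DE78AD4E81B767245843CCA962526BA62C2D.pfx" -clcerts -nokeys -out domain.cer
// openssl pkcs12 -in domain.pfx -nocerts -nodes -out domain.key
// NOTE: -nodes writes the private key to domain.key unencrypted; restrict the file to its owner (e.g. chmod 600) and keep it out of source control.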
// openssl pkcs12 -in "/root/.dotnet/corefx/cryptography/x509stores/my/BB65DE78AD4E81B767245843CCA962526BA62C2D.pfx" -cacerts > BB65DE78AD4E81B767245843CCA962526BA62C2D.cer
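// Install only the public certificate (exported with -nokeys) into the system trust store, never the .pfx/.pem that holds the private key:
// cp myca.crt /usr/local/share/ca-certificates/
// update-ca-certificates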
// Arch/Manjaro: Instead of update-ca-certificates, run
// trust extract-compat
// sudo trust anchor --store /usr/share/ca-certificates//BB65DE78AD4E81B767245843CCA962526BA62C2D.cer
// https://dzone.com/articles/enforce-ssl-and-use-hsts-in-net-core20-net-core-se
// https://coderscoffeehouse.com/tech/2017/11/24/aspnetcore-ssl.html
// https://docs.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-2.1&tabs=visual-studio
// https://docs.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-2.1&tabs=visual-studio
https://blogs.msdn.microsoft.com/webdev/2017/11/29/configuring-https-in-asp-net-core-across-different-platforms/
https://www.blinkingcaret.com/2017/03/01/https-asp-net-core/
https://neelbhatt.com/2018/02/04/enforce-ssl-and-use-hsts-in-net-core2-0-net-core-security-part-i/
https://cmatskas.com/enforcing-https-only-traffic-with-asp-net-core-and-kestrel/
https://hstspreload.org/
https://neelbhatt.com/2018/02/06/asp-net-core-2-1-features/
https://neelbhatt.com/2018/06/09/gdpr-in-net-core-net-core-security-part-vii/
https://stackoverflow.com/questions/46336341/configure-asp-net-core-2-0-kestrel-for-https
https://www.c-sharpcorner.com/article/using-https-in-asp-net-core-2-0/
https://www.recaffeinate.co/post/enforce-https-aspnetcore-api/
https://stackoverflow.com/questions/50935730/asp-net-core-2-1-kestrel-how-to-disable-https?rq=1
https://stackoverflow.com/questions/46507029/how-to-disable-https-in-visual-studio-2017-web-proj-asp-net-core-2-0
https://exceptionnotfound.net/working-with-environments-and-launch-settings-in-asp-net-core/
https://cmatskas.com/enforcing-https-only-traffic-with-asp-net-core-and-kestrel/
https://stackify.com/how-to-deploy-asp-net-core-to-iis/?utm_referrer=https%3A%2F%2Fwww.google.com%2F
https://asp.net-hacker.rocks/2018/07/05/aspnetcore-ssl.html
New-SelfSignedCertificate -NotBefore (Get-Date) -NotAfter (Get-Date).AddYears(1) -Subject "localhost" -KeyAlgorithm "RSA" -KeyLength 2048 -HashAlgorithm "SHA256" -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsage KeyEncipherment -FriendlyName "HTTPS development certificate" -TextExtension @("2.5.29.19={critical}{text}","2.5.29.37={critical}{text}1.3.6.1.5.5.7.3.1","2.5.29.17={critical}{text}DNS=localhost")
C:\Users\username\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
PSParentPath: Microsoft.PowerShell.Security\Certificate::CurrentUser\My
Thumbprint Subject
---------- -------
DAABF766358B18A827B3CFF73EE4AB07B7841987 CN=localhost
Microsoft.AspNetCore.HttpsPolicy
dotnet dev-certs https --trust
https://docs.microsoft.com/en-us/windows/desktop/seccrypto/makecert
https://dontpaniclabs.com/blog/post/2017/01/11/creating-self-signed-ssl-certificate-developing-testing-iis/
https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-create-temporary-certificates-for-use-during-development
https://blogs.msdn.microsoft.com/benjaminperkins/2014/05/05/make-your-own-ssl-certificate-for-testing-and-learning/
https://andrewlock.net/creating-and-trusting-a-self-signed-certificate-on-linux-for-use-in-kestrel-and-asp-net-core/
https://stackoverflow.com/questions/2292495/what-is-the-difference-between-a-cer-pvk-and-pfx-file
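Note: makecert is deprecated; Microsoft recommends New-SelfSignedCertificate (see the command above) instead. In the commands below, -pe marks the private key as exportable and -r creates a self-signed certificate.
makecert -n "CN=%ComputerName%, CN=localhost" -ss MY -sr LocalMachine -b 08/08/2018 -e 09/09/2028 -a sha256 -sky exchange -r -pe myCert.cer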
makecert -n "CN=%ComputerName%, CN=localhost" -ss MY -sr LocalMachine -b 08/08/2018 -e 09/09/2028 -a sha256 -sky exchange -r -pe myCert.cer
makecert -n "CN=%ComputerName%, CN=localhost" -ss MY -sr currentuser -b 08/08/2018 -e 09/09/2028 -a sha256 -sky exchange -ic TempCA.cer SignedByCA.cer -pe myCert.cer
-sr currentuser
makecert -n "CN=%ComputerName%, CN=localhost" -ss MY -sr currentuser -b 08/08/2018 -e 09/09/2028 -a sha256 -sky exchange -ic TempCA.cer SignedByCA.cer -pe myCert.cer
makecert -sk SignedByCA -iv TempCA.pvk -n "CN=SignedByCA" -ic TempCA.cer SignedByCA.cer -sr currentuser -ss My