⏲️ *Jump-to Time Codes!* ⏲️ ---------------------------------------------- *INTRODUCTION* - 2:21 Course Overview - 5:46 Demo - 6:27 Tooling *HTTPS OVERVIEW * - 6:49 What is HTTPS, SSL & TLS? - 7:46 Certificate & Authorities Overview - 9:44 What does a certificate contain? - 10:30 Public & Private Key Overview - 11:48 HTTPS How it Works (Interaction Diagram) *LOCALHOST SET UP * - 14:37 Scaffold Up our API - 19:25 Generating a Local Dev Certificate - 22:37 The need for a custom domain *CUSTOM DOMAIN PART 1 * - 23:56 Update HOSTS File - 27:02 Host name resolution order - 28:15 Create our Self-Signed Certificate - 35:00 Import Certificate into Trusted Root *CUSTOM DOMAIN PART 2 * - 36:58 - User Secrets Overview - 38:30 - Configure User Secrets - 42:14 - Update appsettings.Development.json - 44:07 - Create HostConfig static Class - 46:00 - Update Program Class - Read in Config - 49:55 - Load Certificate into Kestrel - 55:13 - Listen on Specific IP Address *FINAL THOUGHTS & ACKNOWLEDGEMENTS * - 57:57 - Wrap Up - 58:39 - Credits
Amazing video. Unbelievable such a kind effort to help others also to learn what you learned. Your sequence of teaching is so good. Thank you very much for this video
Greetings from the Scottish Borders. Why has it taken so long for RUclips algo to suggest your videos to my feed?? These are without doubt the best tutorials on RUclips and I watched loads. Love the way you don’t copy/paste code or waffle while typing. Keep them coming
Hi Ian, thanks mate - I wish I had more control over the RUclips algorithm! Glad you've found the channel though and are enjoying the content. Cheers, Les
Fantastic session with lots of learning , at the same time very interesting to watch. Thank you for putting so much effort in creating and sharing this with developer community. I would love to see more videos taking step further to see how can we deploy this into cloud , ex running as a container. Thanks again !!
There is a Auto completion in Powershell. If you start typing "convertto-s" and press TAB you'll get "ConvertTo-SecureString". It works with parameters and directories\files as well.
Thanks for tutorial! Btw, you can read configuration file just from .ConfigureKestrel( ), so you don't need to use custom class HostConfig for passing values. .ConfigureWebHostDefaults(webBuilder => { webBuilder.ConfigureKestrel((context, kestrel) => { var file = context.Configuration["CertificateFileLocation"]; var password = context.Configuration["CertPassword"]; }); })
Thank you so much for this. Even the parts you said you wouldn't go deep into were plenty. I was able to secure my local dns and understand better how the whole thing hangs together. My issue is that I am working with Nativescript and just for added measure, SignalR as well. I've been struggling with trying to get an Android Emulator to communicate with my server while it ignores my hosts file and has it's own version of all my DNSs ...good times. I don't see it on your channels as yet but I'm really really hoping it's an area you are planning to explore. However, getting this ssl part has really helped to get to the next step of Jumanji Infinity
Thanks so much dude! You're video is helping me a lot. Question, if I don't want to create a domain name but only use the ip address of my machine, will I only need to generate the certificate but using the ip address instead of the domain name?
Awesome! Wasn't sure about this topic to be honest, it's a little outside of what I usually do, but thought people might find it useful! Glad you enjoyed it!
Jackson, do you have any videos showing api with digital authentication? I need to prepare my api to receive notification from a webhook, which uses mtls for communication.
Thank you for another great video! I followed along with my API and works great within my dev machine. One question though in my dev environment, I need to call this API from another dev machine (2nd machine) in the same network. I'm trying to reach the API using IP address since I don't have the host file set up on the 2nd machine. I'm getting certificate issue. These 2 machines can ping each other.
Great tutorial. I'm doing this in .NET 6 and using minimal api approach. I have a question about using options.ListenAnyIP vs. the Dns host approach: If use ListenAnyIP, when I run the app, it opens to the url I have in the config, (and the url matches the cert url), But, if I use the resolved DNS ip, when I run the app, it doesn't open the url, and if I go to the url, it can't validate the certificates. So what options can I use to have it go to the url, rather than try to use the ip address?
Brilliant! As part of following this tutorial I discovered that my anti-virus, WebRoot, was blocking the creation of trusted certificates. It was also stopping me from the updating the host file.
Still failing for me. I'm trying this on my corporate desktop computer. When I run the GET against the weatherforecast from Postman with HTTPS verification enabled it also fails. When I disable verification I get data back, even using the DNS name which is cool, but the SSL verification fails. When I look at the warning in the Postman console I get: Warning: Unable to verify the first certificate When I look further down in the warning in the TLS section I see something perhaps more specific. authorizationError: "UNABLE_TO_VERIFY_LEAF_SIGNATURE"
Hey Les, thanks for the amazing content that you put out! It really helps us! I would like to ask you if you could do a video on microservices and microservices internal communication. How would one do it and if can we use kubernetes to scale the microservices. Thanks!
Hi Les, Thank you for your very well structured video, it's great. One question: Any reason why not reading the certificate from the Certificate Store instead of reading from file? This way you don't have even to worry with passwords. Regards.
Hi Lakhan, yes I'm working on something at the moment, I've taken EshopOnContiners and am re-working it slightly to make it easier to teach with. Hopefully not too long before I complete it.
Hi Les, nice video, this has always been a mystery to me. One issue I have noticed is that although Edge works as shown, Chrome still says the certificate is Invalid. Not sure why, any ideas? It does come good after setting up the certificate etc. Bad luck about Melbourne being back in lockdown, I'm in Forest Hill and was excited about starting to get out again :-(
Hi Steve. This drove me crazy for a bit until I restarted the browser! I should have mentioned that in the video. Drop us a line if that doesn't resolve it - seems to be working in Chrome for me, (after the restart). Another thing I should have mentioned is that Firefox uses its own cert store so uses will need to import the cert following these instructions: knowledge.digicert.com/solution/SO5437 Yeah lock-down again is a pain, but I guess it's for the greater good! Hopefully the numbers start to drop. Thanks for feeding back, and stay safe, Les
Thanks, It's works well with Edge browser, but in my case, it does not work with Firefox or Safari (which ask to add an exception). Custom Certificate is it the good way to use API https connection a LAN Production project ?
@Les Jackson #Les Jackson Hi, I was wondering if there is a way to utilize Typescript with dotnet core 3.1 and web api? I would really love to see the use of Typescript in the backend on dotnet core.
On my work machine it... works. On Linux too. On my personal machine it... gets personal and throws 'System.Security.Cryptography.CryptographicException' occurred in System.Security.Cryptography.dll: 'Access denied.' Any idea what makes it break ?
could you make a video for certs in ubuntu or linux base os ?, i have spend three days and still have not got it to work.. dev certs for linux is a pain in the ass .
PLEASE HELP MEE!!! Amazing video but if I add that "var host = Dns.GetHostEntry("");" line in program.cs my code jumps to that line instead of entering into ".ConfigureServices((context, services) =>"... any idea why??? I'm trying to get the string with the domain from config so I'm using it like this: prnt.sc/vwnlaq thanks!
⏲️ *Jump-to Time Codes!* ⏲️
----------------------------------------------
*INTRODUCTION*
- 2:21 Course Overview
- 5:46 Demo
- 6:27 Tooling
*HTTPS OVERVIEW
*
- 6:49 What is HTTPS, SSL & TLS?
- 7:46 Certificate & Authorities Overview
- 9:44 What does a certificate contain?
- 10:30 Public & Private Key Overview
- 11:48 HTTPS How it Works (Interaction Diagram)
*LOCALHOST SET UP
*
- 14:37 Scaffold Up our API
- 19:25 Generating a Local Dev Certificate
- 22:37 The need for a custom domain
*CUSTOM DOMAIN PART 1
*
- 23:56 Update HOSTS File
- 27:02 Host name resolution order
- 28:15 Create our Self-Signed Certificate
- 35:00 Import Certificate into Trusted Root
*CUSTOM DOMAIN PART 2
*
- 36:58 - User Secrets Overview
- 38:30 - Configure User Secrets
- 42:14 - Update appsettings.Development.json
- 44:07 - Create HostConfig static Class
- 46:00 - Update Program Class - Read in Config
- 49:55 - Load Certificate into Kestrel
- 55:13 - Listen on Specific IP Address
*FINAL THOUGHTS & ACKNOWLEDGEMENTS
*
- 57:57 - Wrap Up
- 58:39 - Credits
You are the only one who explain all the details clearly, I appreciate that. Thanks a lot.
Amazing video. Unbelievable such a kind effort to help others also to learn what you learned. Your sequence of teaching is so good. Thank you very much for this video
Greetings from the Scottish Borders. Why has it taken so long for RUclips algo to suggest your videos to my feed?? These are without doubt the best tutorials on RUclips and I watched loads. Love the way you don’t copy/paste code or waffle while typing. Keep them coming
Hi Ian, thanks mate - I wish I had more control over the RUclips algorithm! Glad you've found the channel though and are enjoying the content. Cheers, Les
Fantastic session with lots of learning , at the same time very interesting to watch. Thank you for putting so much effort in creating and sharing this with developer community. I would love to see more videos taking step further to see how can we deploy this into cloud , ex running as a container. Thanks again !!
There is a Auto completion in Powershell. If you start typing "convertto-s" and press TAB you'll get "ConvertTo-SecureString".
It works with parameters and directories\files as well.
Hi Andy - where were you a few days ago! You'd have saved me a bit of typing! Great tip & thanks!
Les
Suddenly getting the urge for a dram while listening to you Les 😅 Great content thank you!
Brilliant - now I understand certificates with some degree of confidence
8:36... "hopefully" we trust ourselves. very deep..
Best wishes from Scotland (Balloch).
Very nice explained. Great job.
Thank you very much, I am just finishing my first production Api and I have been stuck on this for past 2 days :DD
Thanks for tutorial!
Btw, you can read configuration file just from .ConfigureKestrel( ), so you don't need to use custom class HostConfig for passing values.
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.ConfigureKestrel((context, kestrel) =>
{
var file = context.Configuration["CertificateFileLocation"];
var password = context.Configuration["CertPassword"];
});
})
Amazing video. I hope u make another tutorial video for docker
Just in case, for intellisense use Windows Powershell ISE and use TAB key for auto-complete
Would be great to see that updated for .NET 6
Thank you! It was treat to watch this video! Loved it ! Enjoyed it !
your tutorials are great man , great, thank you a million
Thank you for making this. Super helpful. I always appreciate all your videos.
Hi Les. I would like to thank you so much for providing this tutorial. It helped me a lot.
Hey Les, very well done! Thank you. I've been scouring the Internet trying to find how to use my TLS cert in Kestrel.
Very nice video! Saved my day.. Just a question will this work with CA signed certificate on production?
Thank you so much for this. Even the parts you said you wouldn't go deep into were plenty. I was able to secure my local dns and understand better how the whole thing hangs together.
My issue is that I am working with Nativescript and just for added measure, SignalR as well.
I've been struggling with trying to get an Android Emulator to communicate with my server while it ignores my hosts file and has it's own version of all my DNSs ...good times.
I don't see it on your channels as yet but I'm really really hoping it's an area you are planning to explore.
However, getting this ssl part has really helped to get to the next step of Jumanji Infinity
Thanks so much dude! You're video is helping me a lot.
Question, if I don't want to create a domain name but only use the ip address of my machine, will I only need to generate the certificate but using the ip address instead of the domain name?
I have enjoyed this one than any other, Les! Many thanks ❤
Awesome! Wasn't sure about this topic to be honest, it's a little outside of what I usually do, but thought people might find it useful! Glad you enjoyed it!
finally it's nice to see you again 🎉🎉
Nice to be back Anas!
Jackson, do you have any videos showing api with digital authentication? I need to prepare my api to receive notification from a webhook, which uses mtls for communication.
You're amazing sir, getting to learn loads of useful stuff from you. Thank you. Keep up the good work.
Thank you for another great video! I followed along with my API and works great within my dev machine. One question though in my dev environment, I need to call this API from another dev machine (2nd machine) in the same network. I'm trying to reach the API using IP address since I don't have the host file set up on the 2nd machine. I'm getting certificate issue. These 2 machines can ping each other.
Great tutorial. I'm doing this in .NET 6 and using minimal api approach. I have a question about using options.ListenAnyIP vs. the Dns host approach: If use ListenAnyIP, when I run the app, it opens to the url I have in the config, (and the url matches the cert url), But, if I use the resolved DNS ip, when I run the app, it doesn't open the url, and if I go to the url, it can't validate the certificates. So what options can I use to have it go to the url, rather than try to use the ip address?
Fantastic video, thanks a lot. One question, are you going to do a video for a production enviroment?
Thank you very much, you saved my weekend.
Thank you very much for this video sir,I really enjoy watching video on this channel.God bless you.
can you make video on real world problem and solution with design patterns
You are most welcome Saurabh!
Fantastic! Thanks a lot!
Thank you for great explanation
Did you find a good Open SSL article?
You've helped a lot!
Thanks!
Thanks a lot for such great help :)
DHCP is Dynamic Host _Configuration_ Protocol. Great video though
`dotnet dev-certs https --trust` doesn't work for me. It creates the certificate but doesn't Trust it. It only appears under Personal Certificates :/
Brilliant! As part of following this tutorial I discovered that my anti-virus, WebRoot, was blocking the creation of trusted certificates. It was also stopping me from the updating the host file.
Hi Les , Great video . I really enjoyed it.
Glad you enjoyed it Arun, Cheers, Les
Thanks Les. I'm struggling with getting my react app and jquery to talk to my local webapi so I'm hoping this does the trick.
Still failing for me. I'm trying this on my corporate desktop computer. When I run the GET against the weatherforecast from Postman with HTTPS verification enabled it also fails. When I disable verification I get data back, even using the DNS name which is cool, but the SSL verification fails. When I look at the warning in the Postman console I get:
Warning: Unable to verify the first certificate
When I look further down in the warning in the TLS section I see something perhaps more specific.
authorizationError: "UNABLE_TO_VERIFY_LEAF_SIGNATURE"
Thanks a lot for this wonderful content.
Thanks so much... Very high quality content !!!
❤ PowerShell here
I like your content , thanks m8 !
Hey Les, thanks for the amazing content that you put out! It really helps us! I would like to ask you if you could do a video on microservices and microservices internal communication. How would one do it and if can we use kubernetes to scale the microservices. Thanks!
HI there, next videos I'm doing will beL API Gateway, Service Mesh and Asynchronous messaging, all of which really talk about Microservices!
@@binarythistle oh yes please thank you! :D
Hi Les, Thank you for your very well structured video, it's great.
One question: Any reason why not reading the certificate from the Certificate Store instead of reading from file?
This way you don't have even to worry with passwords.
Regards.
Hi Les , This was a great video . Totally loved it
Would you be making video on EshopOnContainers microservices ?
Hi Lakhan, yes I'm working on something at the moment, I've taken EshopOnContiners and am re-working it slightly to make it easier to teach with. Hopefully not too long before I complete it.
@@binarythistle Thanks Les , Waiting for that video to come out. Would be supporting that video on patreon
is this a big difference when we configure our SSL only in application code / or only in server configuration?
Thanks man! Really helpful.
Hi Les, nice video, this has always been a mystery to me. One issue I have noticed is that although Edge works as shown, Chrome still says the certificate is Invalid. Not sure why, any ideas? It does come good after setting up the certificate etc.
Bad luck about Melbourne being back in lockdown, I'm in Forest Hill and was excited about starting to get out again :-(
Hi Steve. This drove me crazy for a bit until I restarted the browser! I should have mentioned that in the video. Drop us a line if that doesn't resolve it - seems to be working in Chrome for me, (after the restart). Another thing I should have mentioned is that Firefox uses its own cert store so uses will need to import the cert following these instructions: knowledge.digicert.com/solution/SO5437
Yeah lock-down again is a pain, but I guess it's for the greater good! Hopefully the numbers start to drop. Thanks for feeding back, and stay safe, Les
I had the same issue. Thanks for Your question and aswer :)
Thanks, It's works well with Edge browser, but in my case, it does not work with Firefox or Safari (which ask to add an exception).
Custom Certificate is it the good way to use API https connection a LAN Production project ?
Hi Les. I wonder why don't we remove the http entry from application url and just use https only ?
Thankyou!
Hello, I've a doubt. How do change the url length in kestrel so that I can pass strings of larger length?
Hola desde chile.. Si no quisiera levantarlo con Kestrel sino por iis express como sería?
Hey Les, I would I get this to work when deployed in Azure?
@Les Jackson
#Les Jackson
Hi, I was wondering if there is a way to utilize Typescript with dotnet core 3.1 and web api? I would really love to see the use of Typescript in the backend on dotnet core.
Thank you very much for sharing videos
No worries Pei!
On my work machine it... works.
On Linux too.
On my personal machine it... gets personal and throws 'System.Security.Cryptography.CryptographicException' occurred in System.Security.Cryptography.dll: 'Access denied.'
Any idea what makes it break ?
Thank you so much
Thanks boss for your contents.
My pleasure Prasanth!
could you make a video for certs in ubuntu or linux base os ?, i have spend three days and still have not got it to work.. dev certs for linux is a pain in the ass .
Thank you!
You're welcome!
Super Like
Thanks!
nice
PLEASE HELP MEE!!!
Amazing video but if I add that "var host = Dns.GetHostEntry("");" line in program.cs my code jumps to that line instead of entering into ".ConfigureServices((context, services) =>"... any idea why??? I'm trying to get the string with the domain from config so I'm using it like this: prnt.sc/vwnlaq
thanks!
Solved it! Now I get a "The requested address is not valid in its context" error....
Nevermind, I solved it! :D I was using the domain IP in the localhost. Thanks for the video man!
what i fin dissapointing is a channel like that where we find a real treasure have little subscribers meanwhile gaming channels have millions.
Any one knows how to CA Signed Certificate to a custom domain using Kestrel
Does it work on .net 5 ? I get an error NET::ERR_CERT_COMMON_NAME_INVALID