-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
.NET Core 5.0: X509Certificate2 - No credentials are available in the security package #45680
Comments
OK, simplified the workaround from #23749:
aka
That works around the bug(s) in Windows... |
Tagging subscribers to this area: @dotnet/ncl Issue DetailsIn .NET Core 5.0 with Kestrel, I'm getting
when doing SSL with Kestrel on Windows. To reproduce, run TestApplicationHttps It uses a self-signed ssl-certificate generated with Add the root-certificate to "trusted root certificates". I'm using the SNI-callback to dynamically load the SSL certificate (it can change at runtime).
This is the selector
Certificate is loaded like
It works on LInux !
|
Alternatively, you can store certificate and key in X509Store. In general, Schannel cannot work with in-memory keys. So this is really dup of #23749. |
Tagging subscribers to this area: @dotnet/ncl Issue DetailsIn .NET Core 5.0 with Kestrel, I'm getting
when doing SSL with Kestrel on Windows. To reproduce, run TestApplicationHttps It uses a self-signed ssl-certificate generated with Add the root-certificate to "trusted root certificates". I'm using the SNI-callback to dynamically load the SSL certificate (it can change at runtime).
This is the selector
Certificate is loaded like
It works on LInux !
|
Yea, but that issue is closed and not resolved. |
I'm not sure if it is fixable without Schannel changes. Perhaps we can documentation. |
Duplicate of #23749 |
In .NET Core 5.0 with Kestrel, I'm getting
when doing SSL with Kestrel on Windows.
It works fine on Linux ! (including with nginx)
Also, the SNI-callback frequently has string.empty as SNI-"name".
That's a bit of a pitty ...
To reproduce, run TestApplicationHttps
https://github.com/ststeiger/SelfSignedCertificateGenerator/tree/master/TestApplicationHttps
It uses a self-signed ssl-certificate generated with
https://github.com/ststeiger/SelfSignedCertificateGenerator/tree/master/SelfSignedCertificateGenerator
with a self-generated root certificate.
Add the root-certificate to "trusted root certificates".
I'm using the SNI-callback to dynamically load the SSL certificate (it can change at runtime).
This is the selector
Certificate is loaded like
It works on LInux !
But on Windoze...
The text was updated successfully, but these errors were encountered: