Storage Explorer doesn't work with certs generated from dotnet dev-certs
jongio opened this issue · 9 comments
We want to be able to use the certs generated by dotnet dev-certs to help create a seamless dev exp across Azurite, ASP.NET, Storage Explorer, and the SDKs. This issue is blocking that exp.
- Generate a cert
- Install dotnet SDK
dotnet dev-certs https --trust -ep cert.pfx -p azurite
-
Start Azurite with that cert
npm install azurite
azurite --oauth basic --cert cert.pfx --pwd azurite --blobHost localhost --queueHost localhost -
Create connection to Azurite using this connection string
DefaultEndpointsProtocol=https;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=https://localhost:10000/devstoreaccount1;QueueEndpoint=https://localhost:10001/devstoreaccount1; -
Add cert to Storage explorer
Edit -> SSL Certificates -> Import Certificates
Import the cert.pfx file you created in first step
-
Reload Storage Explorer
-
Try to access Azurite node and you get this:
I tried importing the cert into the Root Certificate store, but still got the same issue. Here's the command I tried:
certutil -f -user -enterprise -p azurite -importpfx root cert.pfx
This same cert works with the Azure SDKs, so I think there's something about Storage Explorer that doesn't support this cert. The source for how this cert is generated is here:
https://github.com/dotnet/aspnetcore/blob/master/src/Tools/dotnet-dev-certs/src/Program.cs
Cert was of wrong format. @jongio and his team are going to help us with writing code to convert these certs into the cert format we need.
@jongio , can you ping me with an update on what you'd like done about this?
We are still trying to find an existing package that can convert from pfx to pem - but have been unable to do so. It's still on radar. We don't have an ETA at the moment.
We are still trying to find an existing package that can convert from pfx to pem - but have been unable to do so. It's still on radar. We don't have an ETA at the moment.
Is there any more changes that also needs to be applied to the certificate? I cannot get it to work with a manually converted PFX -> PEM.
I don't think anyone has it working.
I don't think anyone has it working.
Actually, I got it mostly working after a reboot and fiddling with it some more.
I say mostly as it seems I can do most things, but I get cert error when trying to delete a blob.
Thanks. Can you post here what you had to do to get it working and the error you are getting?
Unfortunately, in trying to reproduce what I thought was the successful steps (after resetting storage explorer), I could not get it to work again...
I popped back into the docs and read about the "Use system proxy (preview)" proxy setting that's supposed to make the explorer use the certificates from the OS etc. and after setting that it all (mostly) worked again just as it did before the reset. I must have changed that setting at some point while trying things for hours and hours and not realizing that it was the resolution.
So although it appears I didn't have solution for the import certificate issue - it solves my issue and I can now use the explorer with the dev-certs.
The error I've gotten so far is still an certificate error on trying to delete a blob. But I expect this will be resolved when the system proxy comes out of preview, as the docs does say it yet does not support deleting blob's for instance.
Here is the code I am using to create a cert and convert it. Explorer acts like I still have not added the cert. Would really appreciate some attention to allowing localhost cert support with storage explorer
CMD:
dotnet dev-certs https --clean
dotnet dev-certs https -ep cert.pfx --password secret
PS:
$Thumbprint = (Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {$_.FriendlyName -match "ASP.NET Core HTTPS development certificate"}).Thumbprint
Set-Content -Path $env:APPDATA\StorageExplorer\certs\cert.cer -Value ([convert]::tobase64string((get-item cert:\currentuser\my$Thumbprint).RawData)) -Encoding Ascii