Knowledge blog

By /

Configuring endpoints at https with SSL certificate for ASP.net Core Kestrel Web Server.

The ASP.NET Core Kestrel web server is configured by default to run at port 5000 so you can access it using
http://localhost:5000. However in production you may need it run with different port or https URL with proper SSL configuration. For that purpose Kestrel endpoints provide set of configuration parameters so you can configure any number of end points in both http and https protocol.

Here, will discuss about the https endpoints with proper SSL certificate configured.

Although you can do it in your program the suggested way is to simply work on appsettings.json. Kestrel can load endpoints from an IConfiguration instance. By default, Kestrel configuration is loaded from the Kestrel section and endpoints are configured in Kestrel:Endpoints.

If you don’t already have an entry of kestrel section then simply add a simple block as below to getting familiarize with Kestrel endpoints. You can add it above the logging section.

"Kestrel": {
    "Endpoints": {
      "httpEndpoint": {
        "Url": "http://localhost:5000 "
      },
    }
  }

Now change the port value from 5000 to 5001 or something else and start your self-hosted .net core kestrel application. In the browser test with the new port and you can observe that the default port is altered. We have added one end point above which is specific for http URL where we will add one now for the https URL. Add below block after the httpEndpoint.

  "httpsLocalEndpoint": {
   "Url": https://localhost:5001
 }

Again start your app and test https URL in a browser. It should work good in https port and if so move ahead to next steps where we will configure proper SSL certificate to a custom domain address (IE: Your public URL). You can configure either a physical certificate stored in hard disk or use a certificate from your certificate store.

You know? You can host your .Net Core application in Linux with Kestrel and Nginx reverse proxy. Learn how >>
Configuring PFX certificate stored locally in the hard disk

Let’s assume you have the .pfx file stored in the same directory where the app resides. Now add another end point for it.

"httpsPublicEndpoint": {
        "Url": "https://kestrel.demodooms.com:5002",
        "Certificate": {
          "Path": "star_demodooms_com.pfx",
          "Password": "Abcd!1234"
        }
     }
Configuring PFX certificate from the local certificate store.

Assume you have properly installed your PFX in your Personal store of your Certificate store. Note you have to use My as store name not Personal in the configuration. So let’s add another end point specific to this.

"httpsPublicEndpoint2": {
        "Url": "https://kestrel2.demodooms.com:5003",
        "Certificate": {
          "Subject": "*.demodooms.com",
          "Store": "My",
          "Location": "LocalMachine"
        }
 }

If you want to use your Location as current user then just remove the Location entry where the default falls into current user.

You can use crt or pem or any other format of your certificates and keys to configure your SSL with Kestrel.

Here is the complete set of JSON configuration with all 4 end points we created.

{
  "Kestrel": {
    "Endpoints": {
      "httpEndpoint": {
        "Url": http://localhost:5000
      },
      "httpsLocalEndpoint": {
        "Url": https://localhost:5001
      },
      "httpsPublicEndpoint": {
        "Url": "https://kestrel.demodooms.com:5002",
        "Certificate": {
          "Path": "star_demodooms_com.pfx",
          "Password": "Abcd!1234"
        }
      },
      "httpsPublicEndpoint2": {
        "Url": "https://kestrel2.demodooms.com:5003",
        "Certificate": {
          "Subject": "*.demodooms.com",
          "Store": "My",
          "Location": "LocalMachine"
        }
      }
    }
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*"
}
Looking for a .Net development or consolation? Our experts can help you >>
By: Team - Web Development / March 24, 2024
Scroll to Top