How to Implement SSL on Kestrel/ASP.NET Core

A Step-by-Step Guide on Configuring HTTPS on Kestrel/ASP.NET

Kestrel is the web server included by default in the ASP.NET Core new-project templates. It is a cross-platform web server based on libuv, a cross-platform asynchronous I/O library.

Kestrel is relatively new. As of October 27, 2016, Microsoft was still suggesting that you use IIS, Nginx or Apache as a reverse proxy server for edge deployments because of security concerns:

Kestrel is relatively new and does not yet have a full complement of defenses against attacks. This includes but isn’t limited to appropriate timeouts, size limits, and concurrent connection limits. For more information about when to use Kestrel with a reverse proxy, see Kestrel

Today we’re going to discuss how to implement SSL on Kestrel and enable HTTPS connections, adding a much-needed layer of security to the fledgling server.

To implement SSL and configure the server for HTTPS, you’ll need to start by acquiring an SSL certificate. This is a simple process; you’ll just need to:

  1. Select and purchase an SSL certificate
  2. Generate a CSR and a public/private key-pair
  3. Send the public key and your CSR to the Certificate Authority
  4. Undergo validation
  5. Receive your SSL Certificate and any intermediates that accompany it

After you’ve done all this, make sure you have provided a friendly name for the certificate and store, and that you have the .pfx file handy.

Modify the project.json file to add a reference to the Kestrel.Https NuGet package.

"dependencies": {
    "Microsoft.AspNet.Server.Kestrel": "1.0.0-rc1-final",
    "Microsoft.AspNet.IISPlatformHandler": "1.0.0-rc1-final",
    "Microsoft.AspNet.Diagnostics": "1.0.0-rc1-final",
    "Microsoft.AspNet.Mvc": "6.0.0-rc1-final",
    "Microsoft.Extensions.Logging.Console": "1.0.0-rc1-final",
    "Microsoft.AspNet.Server.Kestrel.Https": "1.0.0-rc1-final"
}

After that, you’ll need to modify the Configure() method in the startup file to use the certificate.

// Requires: using System.IO; using System.Security.Cryptography.X509Certificates;
public void Configure(IApplicationBuilder app,
    IHostingEnvironment env,
    IApplicationEnvironment appEnv,
    ILoggerFactory loggerFactory)
{
    loggerFactory.AddConsole();

    // Load the certificate and its private key from the .pfx file in the application folder.
    var pfxFile = Path.Combine(appEnv.ApplicationBasePath, "Sample.pfx");
    X509Certificate2 certificate = new X509Certificate2(pfxFile, "Password");

    // Register the scheme work-around (defined further down) ahead of the HTTPS setup.
    app.Use(ChangeContextToHttps);
    app.UseKestrelHttps(certificate);
    app.UseDeveloperExceptionPage();
    app.UseMvcWithDefaultRoute();
}

Make sure not to hard-code your certificate password as shown above; use the secrets API instead.
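One way to keep the .pfx password out of source, as an added example that is not code from the original article. It assumes the RC1 packages Microsoft.Extensions.Configuration.UserSecrets and Microsoft.Extensions.Configuration.EnvironmentVariables are referenced and that project.json declares a "userSecretsId"; the key name CertPassword is hypothetical.

```csharp
// Added example (not from the original article); RC1-era APIs assumed.
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNet.Builder;
using Microsoft.AspNet.Hosting;
using Microsoft.AspNet.Server.Kestrel.Https;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.PlatformAbstractions;

public class Startup
{
    // Hypothetical key name chosen for this example.
    private const string CertPasswordKey = "CertPassword";
    private readonly IConfigurationRoot _config;

    public Startup(IHostingEnvironment env, IApplicationEnvironment appEnv)
    {
        var builder = new ConfigurationBuilder()
            .SetBasePath(appEnv.ApplicationBasePath);

        if (env.IsDevelopment())
        {
            // Development: value lives in the per-user secret store, outside the project folder.
            builder.AddUserSecrets();
        }

        // Other environments: value is supplied through the process environment.
        builder.AddEnvironmentVariables();
        _config = builder.Build();
    }

    public void Configure(IApplicationBuilder app, IApplicationEnvironment appEnv)
    {
        var password = _config[CertPasswordKey];
        if (string.IsNullOrEmpty(password))
        {
            // Fail at startup rather than fall back to a default or empty password.
            throw new InvalidOperationException(
                "Configuration value '" + CertPasswordKey + "' is not set.");
        }

        var pfxFile = Path.Combine(appEnv.ApplicationBasePath, "Sample.pfx");
        var certificate = new X509Certificate2(pfxFile, password);
        app.UseKestrelHttps(certificate);
        // The remaining middleware from the article's Configure() method goes here.
    }
}
```

Keep the .pfx file itself out of source control as well, since the password only protects the private key as long as the password stays secret.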

The method below is a work-around for the 454 defect.

Note: This has been fixed in RC2.

private static RequestDelegate ChangeContextToHttps(RequestDelegate next)
{
    return async context =>
    {
        context.Request.Scheme = "https";
        await next(context);
    };
}

Next, you will need to modify the project.json file and change the URL:

"commands": {
    "web": "Microsoft.AspNet.Server.Kestrel --server.urls https://*:5004"
}

Finally, your last order of business is to remove “dnxcore50” from the frameworks. Kestrel.https is not supported in dnxcore.

Congratulations, your Kestrel server is now configured for HTTPS.