Long long ago, I looked at this.
The simplest solution is to create a root certificate and install that
into the system and then it _just works_.
I prototyped that here: https://github.com/tmds/linux-dev-certs
Unfortunately, Microsoft considers this approach 'insecure' (though I
am of another opinion).
If there is some interest, I'd be willing to provide this as a .NET global tool.
Microsoft wants the separate stores to get configured with the self-signed cert.
I had a go at this as well: https://github.com/dotnet/aspnetcore/pull/33279
Unfortunately, I got little feedback from the maintainers, and the PR stalled.
If you're taking a shot, the PR may have some things you could use.
On Wed, Mar 1, 2023 at 2:43 AM David Galvan <djgalvan01(a)outlook.com> wrote:
My name is David, I’m looking to help the dotnet team get dotnet Developer Certs working
out of the box for Linux distributions. The GitHub issue pertaining to this is here:
[Https] `dotnet dev-certs --trust` support on Linux · Issue #32842 · dotnet/aspnetcore ·
I’m wondering if anyone has had a chance to check out the issue or is working toward
helping to resolve it. There’s a lot going on in the page, the main excerpt is:
For each distro we need come up with a list of instructions to setup the machine and
create a VM image we can leverage for regression testing. We need to capture the
instructions for doing the following:
Install the base OS
Install new enough openssl version (if necessary)
Install libnss3-tools (certutil)
Prepare the VM to be shared with the team (we should be able to do so as described here
DotNet SIG mailing list -- dotnet-sig(a)lists.fedoraproject.org
To unsubscribe send an email to dotnet-sig-leave(a)lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue