Storage Explorer doesn't work with certs generated from dotnet dev-certs #2859
Comments
jongio
changed the title
MRayermannMSFT
added
the
❔ external
|
Cert was of wrong format. @jongio and his team are going to help us with writing code to convert these certs into the cert format we need. |
|
@jongio , can you ping me with an update on what you'd like done about this? |
|
We are still trying to find an existing package that can convert from pfx to pem - but have been unable to do so. It's still on radar. We don't have an ETA at the moment. |
Is there any more changes that also needs to be applied to the certificate? I cannot get it to work with a manually converted PFX -> PEM. |
|
I don't think anyone has it working. |
Actually, I got it mostly working after a reboot and fiddling with it some more. |
|
Thanks. Can you post here what you had to do to get it working and the error you are getting? |
|
Unfortunately, in trying to reproduce what I thought was the successful steps (after resetting storage explorer), I could not get it to work again... I popped back into the docs and read about the "Use system proxy (preview)" proxy setting that's supposed to make the explorer use the certificates from the OS etc. and after setting that it all (mostly) worked again just as it did before the reset. I must have changed that setting at some point while trying things for hours and hours and not realizing that it was the resolution. So although it appears I didn't have solution for the import certificate issue - it solves my issue and I can now use the explorer with the dev-certs. The error I've gotten so far is still an certificate error on trying to delete a blob. But I expect this will be resolved when the system proxy comes out of preview, as the docs does say it yet does not support deleting blob's for instance. |
|
Here is the code I am using to create a cert and convert it. Explorer acts like I still have not added the cert. Would really appreciate some attention to allowing localhost cert support with storage explorer CMD: PS: Set-Content -Path $env:APPDATA\StorageExplorer\certs\cert.cer -Value ([convert]::tobase64string((get-item cert:\currentuser\my$Thumbprint).RawData)) -Encoding Ascii |
We want to be able to use the certs generated by dotnet dev-certs to help create a seamless dev exp across Azurite, ASP.NET, Storage Explorer, and the SDKs. This issue is blocking that exp.
dotnet dev-certs https --trust -ep cert.pfx -p azuriteStart Azurite with that cert
npm install azuriteazurite --oauth basic --cert cert.pfx --pwd azurite --blobHost localhost --queueHost localhostCreate connection to Azurite using this connection string
DefaultEndpointsProtocol=https;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=https://localhost:10000/devstoreaccount1;QueueEndpoint=https://localhost:10001/devstoreaccount1;Add cert to Storage explorer
Edit -> SSL Certificates -> Import Certificates
Import the cert.pfx file you created in first step
Reload Storage Explorer
Try to access Azurite node and you get this:
I tried importing the cert into the Root Certificate store, but still got the same issue. Here's the command I tried:
certutil -f -user -enterprise -p azurite -importpfx root cert.pfxThis same cert works with the Azure SDKs, so I think there's something about Storage Explorer that doesn't support this cert. The source for how this cert is generated is here:
https://github.com/dotnet/aspnetcore/blob/master/src/Tools/dotnet-dev-certs/src/Program.cs
The text was updated successfully, but these errors were encountered: