Create self signed certificate and trust it system wide

I want to create a ca certificate and trust it system wide in order to use it for software development with
dotnet 6.

By the way what exactly the command trust extract-compat does because the manpage does not clarify.

For dotnet development it is as simple as

dotnet dev-certs https

dotnet certificate at DuckDuckGo

This command generates the certificate. I want to trust it system wide. This command generates a .pfx file in the dotnet store. But any other application like for example a console application that uses gRPC tries to communicate with the server that is written in dotnet then they cannot establish communication because this is not trusted from system. Ubuntu has update-ca but archlinux and manjaro have a command trust but although I tried I couldn’t figure out how to do it. More tutorials are about Ubuntu or are old.

I am having some similar issues - I had to ‘borrow’ my clients certficate to install on my local webservice to be able to properly debug the frontend.

I found this today Creating and trusting a self-signed certificate on Linux for use in Kestrel and ASP.NET Core. While it is indeed wrtitten for dotnet 2 6years ago - I think the general principle is still valid - and it explains why I am having a hard time with chromium based browsers - not so much firefox but chromium is not nice to me.

From the above I got the hunch to scour the Arch wiki for certificate related articles - see if I can put together a working recipe for Arch based distributions.

You may already be familiar with this - as you mention trust command

Try trust --help :wink:

extract-compat Extract trust compatibility bundles

@TriMoon - Did you get this resolved? I’ve recently started working on a chain of APIs in dotnet 7 and have hit a brick wall as I can’t seem to set up a localhost trusted certificate. I get warnings that the developer cert isn’t trusted and the APIs just do NOT want to play ball.

I tried disabling SSL locally as well and I’m not having any luck with that either.

They need a domain to work with, localhost won’t do :wink:

If im not wrong the domain needs at least 2 parts, because a single part is perceived as a TLD which is just not supported by the technologies involved…
Plus if you want the cert to be trusted by your apps, you need to add it to your chain of root certs list, the location depends on the apps you use…
For example Firefox has it’s own default trusted certs list…