Skip to content

dotnet dev-certs https --check Shows Certificate Invalid on macOS #60474

New issue
New issue
Open
Open
dotnet dev-certs https --check Shows Certificate Invalid on macOS#60474
Labels
area-commandlinetoolsIncludes: Command line tools, dotnet-dev-certs, dotnet-user-jwts, and OpenAPIfeature-devcerts
@Newstatue

Description

@Newstatue
Newstatue
opened on Feb 18, 2025

Environment Information

  • Operating System: macOS Sonoma 15.3 (Apple Silicon)
  • .NET SDK Version: 9.0.200 (arm64)
  • Runtime Versions:
    • Microsoft.AspNetCore.App 9.0.2
    • Microsoft.NETCore.App 9.0.2

Problem Description

I followed the steps below to generate and trust the ASP.NET Core development certificate:

dotnet dev-certs https --clean
dotnet dev-certs https
dotnet dev-certs https --trust
dotnet dev-certs https --check --verbose

The output shows that the certificate was successfully generated and trusted. However, when running dotnet dev-certs https --check --verbose, it still indicates that the certificate is in an invalid state:

[1] Listing certificates from CurrentUser\My
[2] Found certificates: 1 certificate
    1) 7F6836DFD574CEC99B2230FF461F3E7334F176FC - CN=localhost - Valid from 2025-02-18 13:46:56Z to 2026-02-18 13:46:56Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[3] Checking certificates validity
[4] Valid certificates: 1 certificate
    1) 7F6836DFD574CEC99B2230FF461F3E7334F176FC - CN=localhost - Valid from 2025-02-18 13:46:56Z to 2026-02-18 13:46:56Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[5] Invalid certificates: no certificates
[6] Finished listing certificates.
The ASP.NET Core developer certificate is in an invalid state. To fix this issue, run 'dotnet dev-certs https --clean' and 'dotnet dev-certs https' to remove all existing ASP.NET Core development certificates and create a new untrusted developer certificate. Use 'dotnet dev-certs https --trust' to trust the new certificate.

Solutions I’ve Already Tried

1.	Running dotnet dev-certs https --clean and dotnet dev-certs https --trust multiple times.
2.	Deleting the ~/.aspnet/https/ directory.
3.	Manually deleting all localhost related certificates in Keychain Access.
4.	Restarting the system and rerunning the above certificate generation and trust steps.
5.	Manually setting the new localhost certificate in Keychain to Always Trust.

However, all of these attempts have been unsuccessful, and every time I run dotnet dev-certs https --check, it still shows that the certificate is in an invalid state.

Expected Behavior

Running dotnet dev-certs https --check should show that the certificate is valid, and no invalid certificate message should appear.

Actual Behavior

Even though the certificate is shown as present and trusted, it still reports “The ASP.NET Core developer certificate is in an invalid state.”

Additional Information

•	Is there a known compatibility issue with Apple Silicon (M1/M2/M3)?
•	Is there a known issue with certificate tools on macOS Sonoma 15.3?

Thank you!

Metadata

Metadata

Assignees

No one assigned

    Labels

    area-commandlinetoolsIncludes: Command line tools, dotnet-dev-certs, dotnet-user-jwts, and OpenAPIfeature-devcerts

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions