dotnet/aspnetcore

Log HTTPs cert info on startup

Open

#4,759 opened on Feb 10, 2018

View on GitHub
 (10 comments) (2 reactions) (1 assignee)C# (37,933 stars) (10,653 forks)batch import
affected-very-fewarea-networkingenhancementfeature-kestrelhelp wantedseverity-nice-to-have

Description

Kestrel logs endpoint when the server starts, but doesn't log which certificates were used. Now that Kestrel endpoints and certs can be configured from a file https://github.com/aspnet/KestrelHttpServer/pull/2186, it would be nice to show console info to help users identify if their config was correctly used.

Some ideas:

From store, show friendly name

Now listening on: https://localhost:5001
Using server certificate: "ASP.NET Core HTTPS development certificate" from cert:\CurrentUser\My

From store, show subject

Now listening on: https://localhost:5001
Using server certificate: CN=localhost, cert:\CurrentUser\My

From store, include more info like thumbprint

Now listening on: https://localhost:5001
Using server certificate: CN=localhost, cert:\CurrentUser\My, 52A477BBEDE8DFDEB699106D5FFB8FE89F9BF790

From file

Now listening on: https://localhost:5001
Using server certificate: C:\dev\test\cert.pfx

Multiple certs

Now listening on: https://localhost:5002
Using server certificate: C:\dev\test\cert2.pfx
Now listening on: https://localhost:5001
Using server certificate: C:\dev\test\cert1.pfx

Contributor guide

Tech stack
csharp
Domain
backendsecurity
Issue type
feature
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-3 hours
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
C#ASP.NET CoreKestrel serverHTTPS certificates
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
55
Research direction
Investigate the Kestrel startup code in the dotnet/aspnetcore repository, focusing on the logging of 'Now listening on:' endpoints. Identify where certificate information can be extracted (e.g., from store or file) and add logging statements. Check the comments in the issue for prior discussion and any linked PRs in the KestrelHttpServer repo that may have implemented similar functionality. The goal is to output the certificate details (e.g., friendly name, subject, thumbprint) alongside the listening address.
Log HTTPs cert info on startup · dotnet/aspnetcore#4759 | Good First Issue