Asp.NetCore的站点默认发布了http和https。但是他发布的https使用的默认证书有效期很短,为此使用自己申请的证书。
1.首先到linux上安装openssl,然后执行下面命令
# 生成私钥
openssl genrsa -aes256 -passout "pass:mypassword" -out key.pem 4096
# 生成公钥
openssl req -new -x509 -days 3650 -key key.pem -passin "pass:mypassword" -out cert.csr -subj "/C=CN/ST=BeiJing/L=BeiJing/O=Gongshi/OU=Group/CN=www.baidu.com//emailAddress=zzzz@qq.com.cn"
# 打包为pfx
openssl pkcs12 -export -in cert.csr -inkey key.pem -out dotnett.linux.pfx
2.这样就在命令执行目录得到一个pfx的文件,然后把文件拷贝到网站启动目录,修改网站Program.cs如下
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
namespace iMedicalLIS
{
public class Program
{
public static void Main(string[] args)
{
CreateHostBuilder(args).Build().Run();
}
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup<Startup>()
.UseKestrel(option =>
{
option.ConfigureHttpsDefaults(o =>
{
o.ServerCertificate =
new System.Security.Cryptography.X509Certificates.X509Certificate2(AppContext.BaseDirectory + "dotnett.linux.pfx", "mypassword");
});
})
.UseIIS()
.UseIISIntegration()
;
});
}
}
这样就用自己证书发布了https站点