3

We're developing Web API web servers in Visual Studio. We have enabled SSL. This requires a local SSL certificate. We have set this up on our development machines, but we need to be able to set it up on our CI build machines via command line in order to run Selenium tests. Locally, Visual Studio is helpful with getting this taken care of. When you start the Web API web servers, you get the following prompt:

This project is configured to use SSL. To avoid SSL warnings in the browser you can choose to trust the self-signed certificate that IIS Express has generated. Would you like to trust the IIS Express SSL certificate?

This project is configured to use SSL. To avoid SSL warnings in the browser you can choose to trust the self-signed certificate that IIS Express has generated.

Would you like to trust the IIS Express SSL certificate?

I need to duplicate what happens when I click "Yes" in this prompt via the command line. How do I do this?

Pang
  • 9,564
  • 146
  • 81
  • 122
Scotty H
  • 6,432
  • 6
  • 41
  • 94
  • IIS Express is for local development. What web server are you deploying the build to? – JuanR Mar 30 '18 at 15:30
  • @JuanR We're not deploying it, we're running the sites on our CI build server so that we can use them in Selenium tests. – Scotty H Mar 30 '18 at 15:33
  • Check this out: https://seleniummonk.blogspot.com/2014/05/handling-untrusted-ssl-certificates.html – JuanR Mar 30 '18 at 15:38
  • Here is another one: https://stackoverflow.com/questions/20132331/untrusted-ssl-certificates-in-firefox-using-webdriver-and-c-sharp – JuanR Mar 30 '18 at 15:39

1 Answers1

-1

The following C# code does exactly what Visual Studio does, (taken from Jexus Manager, https://github.com/jexuswebserver/JexusManager/blob/master/JexusManager.Features.Certificates/CertificatesFeature.cs)

        private void Trust()
        {
            var cert = SelectedItem.Certificate;
            var store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadWrite);
            if (store.Certificates.Find(X509FindType.FindByThumbprint, cert.Thumbprint, false).Count == 0)
            {
                try
                {
                    store.Add(cert);
                }
                catch (CryptographicException ex)
                {
                    if (ex.HResult != NativeMethods.UserCancelled)
                    {
                        var dialog = (IManagementUIService)GetService(typeof(IManagementUIService));
                        dialog.ShowMessage($"An unexpected error happened. HResult is {ex.HResult}. Contact your system administrator.", Name,
                            MessageBoxButtons.OK, MessageBoxIcon.Error);
                    }

                    // add operation cancelled.
                }
            }

            store.Close();
        }

Translate it to PowerShell or any equivalent command and then you can achieve your goal.

Lex Li
  • 60,503
  • 9
  • 116
  • 147
  • What type is `SelectedItem`? Where do I import it from? – Scotty H Mar 30 '18 at 16:09
  • `SelectedItem.Certificate` is how Jexus Manager reads the certificate from a UI element. You don't need that, and should replace it with your own code to read the certificate (if you don't know how to, Google it). – Lex Li Mar 30 '18 at 16:10