Sometimes we do not want to pay a certificate authority (CA) to issue a real certificate, or, for development, we just want to use a self-signed cert that we signed ourselves and manually trusted, for testing HTTPS traffic in a development environment only.
In Windows, we can just click on the self-signed cert and it prompts us for where we want to store it, which should usually be the Trusted Root Authority store.
But where is it in Linux, and especially for Mono? I am not going to cover creating a self-signed cert for an IIS server in this post; I assume you already know how to do it. If you go to IIS Manager (inetmgr) you should be able to create it there.
I wrote a bash script that downloads your IIS self-signed cert from your IIS server in PEM format and merges it with the existing certificate bundle, tls-ca-bundle.pem. It then syncs the newly merged cert list to the Mono trust store.
registerIISServerCertSelfSignForMono.sh
#!/bin/bash
echo "Server:Port = $1"

### Download IIS self-signed cert in PEM format from the given server:port
openssl s_client -showcerts -verify 5 -connect "$1" < /dev/null |
    awk '/BEGIN/,/END/{ if(/BEGIN/) out="IISSelfSignCert.pem"; print >out}'

TEMPDIR=/etc/pki/ca-trust/source/temp

### Clean up our temp directory
rm -rf "$TEMPDIR"
mkdir -p "$TEMPDIR"

### Copy our IIS server self-signed cert PEM to our temp directory
cp IISSelfSignCert.pem "$TEMPDIR"

### Merge our IIS self-signed cert PEM into the existing TLS CA bundle PEM
cp /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem "$TEMPDIR/MergedCertList.pem"
### Label the appended cert with the server it came from (the original used an undefined $f here)
echo -e "\n# $1 added for IIS Server Self Sign Cert" >> "$TEMPDIR/MergedCertList.pem"
cat "$TEMPDIR/IISSelfSignCert.pem" >> "$TEMPDIR/MergedCertList.pem"
cat "$TEMPDIR/MergedCertList.pem"

### Now sync with the Mono trust store
cert-sync "$TEMPDIR/MergedCertList.pem"
Execute it at the terminal:
$ registerIISServerCertSelfSignForMono.sh yourServerName:Port
For example:
$ registerIISServerCertSelfSignForMono.sh www.vic-llc.org:443
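The script trusts whatever certificate answers at server:port, so the downloaded file deserves a check before cert-sync runs. The following is an added example, not part of the original script: it compares the SHA-256 fingerprint of IISSelfSignCert.pem with one computed on the IIS server and passed in by hand. The function names, the file name pinCheck.sh and the two-argument usage are assumptions.

```shell
#!/bin/bash
# Added example: pin the downloaded IIS certificate before it is trusted.
# Assumed usage: pinCheck.sh IISSelfSignCert.pem <sha256-fingerprint>

# Print the SHA-256 fingerprint of the first certificate in a PEM file
# as lowercase hex without colons (openssl x509 reads only the first cert).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null \
        | sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# Normalise a fingerprint typed by a human: drop colons and spaces,
# fold to lowercase.
normalise_fingerprint() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Return 0 only if the file parses as a certificate and its fingerprint
# equals the expected one. An unparsable file or a malformed expected
# value (not 64 hex characters long) is treated as a mismatch.
# The body is a subshell so its variables stay local.
verify_pinned_cert() (
    actual=$(cert_fingerprint "$1")
    expected=$(normalise_fingerprint "$2")
    [ -n "$actual" ] && [ "${#expected}" -eq 64 ] && [ "$actual" = "$expected" ]
)

# Run the check only when called with both arguments.
if [ "$#" -eq 2 ]; then
    if verify_pinned_cert "$1" "$2"; then
        echo "Fingerprint matches: OK to merge and run cert-sync"
    else
        echo "Fingerprint mismatch: not trusting $1" >&2
        exit 1
    fi
fi
```

Run it between the download step and the merge, and stop if it exits non-zero.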