HTTPS with Kestrel running as service account

@alexk Yep. As you mentioned, you can also reference the cert files directly. You don’t have to have the cert in a single PFX file with the private key password listed anywhere, though; you can also have the cert be in separate files (the cert and key being in separate files).

For example:

{
  "Kestrel": {
    "Endpoints": {
      "HttpsFromPem": {
        "Url": "https://*:443",
        "Certificate": {
          "Path": "C:\\Certs\\cert.pem",
          "KeyPath": "C:\\Certs\\key.pem",
          "AllowInvalid": "true"
        }
      }
    },
    "RedirectToHttps": "true"
  }
}

Note the different name for the endpoint in this configuration, too - it’s HttpsFromPem and not HTTPS.
If you’re interested in doing it this way, just export the parts of the PFX into separate files (the cert into one file and the private key into a separate file), drop them into a folder the user account has read access to, and edit the paths into the appsettings.json file located at (by default) C:\ProgramData\PowerShellUniversal\appsettings.json

You can read more about the different methods supported and how to configure each at the PowerShell Universal Hosting page.

2 Likes
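The export-and-place steps described in the post above, as an added example that is not part of the original post: it splits a PFX into `cert.pem` and `key.pem`, then restricts the unencrypted key file to the service account. It assumes OpenSSL is installed and on PATH; the PFX path and the account name `CONTOSO\svc-psu` are placeholders.

```powershell
# Added example, not from the original post.
# Assumptions: openssl.exe is on PATH; $Pfx and $SvcAccount are placeholders.
$Pfx        = 'C:\Certs\site.pfx'      # placeholder: the existing PFX
$CertPem    = 'C:\Certs\cert.pem'      # paths referenced in appsettings.json
$KeyPem     = 'C:\Certs\key.pem'
$SvcAccount = 'CONTOSO\svc-psu'        # placeholder: account the service runs as

# 1. Split the PFX. openssl prompts for the import password each time, so the
#    password never lands on the command line or in a file.
openssl pkcs12 -in $Pfx -clcerts -nokeys -out $CertPem
if ($LASTEXITCODE -ne 0) { throw 'Exporting the certificate failed' }

# -nodes writes the private key unencrypted, which is why step 2 matters.
openssl pkcs12 -in $Pfx -nocerts -nodes -out $KeyPem
if ($LASTEXITCODE -ne 0) { throw 'Exporting the private key failed' }

# 2. Drop inherited permissions on the key and grant only what is needed:
#    read for the service account, full control for Administrators and SYSTEM.
icacls $KeyPem /inheritance:r `
    /grant:r "${SvcAccount}:(R)" `
    /grant:r 'BUILTIN\Administrators:(F)' `
    /grant:r 'NT AUTHORITY\SYSTEM:(F)'
if ($LASTEXITCODE -ne 0) { throw 'Setting the ACL on the key file failed' }

# 3. Verify: fail if any other identity still has an Allow entry on the key.
$allowed = @($SvcAccount, 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')
$extra = (Get-Acl -Path $KeyPem).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference.Value -notin $allowed
}
if ($extra) {
    $extra | Format-Table IdentityReference, FileSystemRights -AutoSize
    throw "Unexpected identities can access $KeyPem"
}
"Key file ACL is limited to: $($allowed -join ', ')"
```

Run it from an elevated session, since the script removes inheritance and leaves only the three listed identities with access to the key file.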