Trouble with HTTPS

I’m having trouble getting HTTPS to work. Below is my appsettings.json file. I’m getting a “ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY” message in Chrome when attempting to connect.

I also have two Warning events in Windows Application event log when I start the Universal service, which may be related:

Category: Universal.Server.Services.SecurityProxy
EventId: 0

Exception during stop.

Exception:
System.NullReferenceException: Object reference not set to an instance of an object.
at Universal.Server.Services.SecurityProxy.StopAsync() in C:\src\universal\src\Universal.Server\Services\SecurityProxy.cs:line 77

Category: Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware
EventId: 3
ConnectionId: 0HM20I1DVS5ST
RequestId: 0HM20I1DVS5ST:00000001
RequestPath: /
SpanId: 9c77211ce903514f
TraceId: b2263b9e16d33b499722f44b0ab60f91
ParentId: 0000000000000000

Failed to determine the https port for redirect.

Here’s my appsettings.json:
{
“Kestrel”: {
“Endpoints”: {
“HTTP”: {
“Url”: “http://:5000",
“Protocols”: “Http1”
},
“HTTPS”: {
“Url”: "https://
:5001”,
“Certificate”: {
“Path”: “C:\ProgramData\PowerShellUniversal\certificate.pfx”,
“Password”: “1234”
}
}
}
}
}

You need to update .NET on your server and enforce TLS 1.2 via registry (reboot when done):

There has been recent change with Chrome now throwing a fit when using TLS 1.0
You can verify this on client by disabling TLS 1.0 in Internet Options > Advanced tab temporarily

Following the guide at https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-server#bkmk_net did get HTTPS working. What finally worked was setting appsettings.json to use Http1, based on info from this forum post: https://github.com/dotnet/aspnetcore/issues/14350

It’s possible that doing the registry changes above was needed, but I suspect that this JSON configuration is all that’s needed

"Kestrel": {
	"EndpointDefaults": { 
		"Protocols": "Http1"
	},
	"Endpoints": {
		"HTTP": {
			"Url": "http://*:80",
		},
		"HTTPS": {
			"Url": "https://*:443",
			"Certificate": {
				"Path": "C:\\ProgramData\\PowerShellUniversal\\certificate.pfx",
				"Password": "1234"
			}
		}
	}

}

1 Like

I Just did this and it worked a treat, I did need to remove the HTTP endpoint becuase of a conflict but I didnt want it anyway :slight_smile:

This works for me.

 "Kestrel": {
"EndPoints": {
"DevHttp": {
"Url": "http://*:5000"
},

  "DevHttpsInlineCertFile": {
    "Url": "https://*:443",
    "Certificate": {
      "Path": "C:\\ProgramData\\PowerShellUniversal\\cert.pfx",
      "Password": "1234"
    }
  }
  }    
  },

Source: https://github.com/MicrosoftDocs/azure-docs/issues/13371