@andythorne
Forked from GavinOsborn/local-tls-wsl.sh
Created March 12, 2025 20:59
dotnet dev-certs on WSL Ubuntu
# PROBLEM: You want to do .NET local development using WSL but you are struggling to get TLS to work using dotnet dev-certs.
#
# This was tested on Windows 10 using an Ubuntu 20.04 WSL distro. Both environments targeted .NET 6.
# I stitched this together from snippets of information found in the following resources:
# - https://code.luasoftware.com/tutorials/linux/upgrade-openssl-on-ubuntu-20/
# - https://github.com/dotnet/aspnetcore/issues/27344
# - https://docs.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-6.0&tabs=visual-studio
#
# STEP 0: Check your OpenSSL version
# RUN THIS FROM A TERMINAL ON WSL VM
# You need to update to a minimum release of 1.1.1h for the dotnet dev-certs to have any chance of working.
# This is due to: https://github.com/openssl/openssl/issues/1418
openssl version
# STEP 1: Upgrade OpenSSL if you don't meet the version requirements
# OPTION A: Download and build OpenSSL
# RUN THIS FROM A TERMINAL ON WSL VM
# Steps from this guide: https://code.luasoftware.com/tutorials/linux/upgrade-openssl-on-ubuntu-20/
#
# Due to the very high level of disk I/O involved, you are going to want to do this
# in a local folder rather than on the Windows mounted volume
cd ~/
# Install tooling to help build openssl
sudo apt-get update; \
sudo apt-get install -y make && \
sudo apt-get update && \
sudo apt-get install -y gcc
# Download and verify openssl package
sudo cp -R /usr/lib/ssl /usr/lib/ssl-1.1.1-bk && \
wget https://www.openssl.org/source/openssl-1.1.1h.tar.gz && \
wget https://www.openssl.org/source/openssl-1.1.1h.tar.gz.sha256 && \
echo "$(cat openssl-1.1.1h.tar.gz.sha256)  openssl-1.1.1h.tar.gz" | sha256sum --check
# unpack and build openssl
tar -zxf openssl-1.1.1h.tar.gz
cd openssl-1.1.1h
./config
make
make test
sudo make install
# update symlinks
sudo mv /usr/bin/openssl /usr/bin/openssl-1.1.1f && \
sudo ln -s /usr/local/bin/openssl /usr/bin/openssl
# Will probably fail - that's ok
sudo ldconfig
# fix configs
cd /usr/local/ssl
sudo rmdir certs && \
sudo ln -s /etc/ssl/certs && \
sudo rmdir private/ && \
sudo ln -s /etc/ssl/private && \
sudo mv openssl.cnf openssl.cnf.original && \
sudo ln -s /etc/ssl/openssl.cnf && \
cd ~/
# Check your OpenSSL version
# Should now read 1.1.1h
openssl version
# OPTION B: Alternatively you could update to latest Ubuntu LTS in the developer branch
# RUN THIS FROM A TERMINAL ON WSL VM
# The exact Ubuntu version you land on is a moving target - 22.04 at the time of writing.
# 22.04 is technically unsupported by dotnet but light testing suggests it might work well enough for local development.
# Switch to root user
sudo su
do-release-upgrade -d
# Exit back to user space
exit
# STEP 2: Install dotnet
# RUN THIS FROM A TERMINAL ON WSL VM
wget https://packages.microsoft.com/config/ubuntu/21.04/packages-microsoft-prod.deb \
-O packages-microsoft-prod.deb && \
sudo dpkg -i packages-microsoft-prod.deb && \
rm packages-microsoft-prod.deb
sudo apt-get update; \
sudo apt-get install -y apt-transport-https && \
sudo apt-get update && \
sudo apt-get install -y dotnet-sdk-6.0
# STEP 3: CONFIGURE DEV CERTS
#
# RUN THIS FROM A TERMINAL ON YOUR WINDOWS HOST
# Export dotnet dev cert from Windows and place in WSL partition
#
# Replace <YOUR-WINDOWS-USERNAME> with your windows username
# Replace <PASSWORD> with any password you can remember for the next command
dotnet dev-certs https --export-path c:\Users\<YOUR-WINDOWS-USERNAME>\aspnetcore.pfx --password <PASSWORD>
# RUN THIS FROM A TERMINAL ON WSL VM
# This will adopt this cert as your dev-cert for dotnet on WSL (Win and WSL will use the same cert)
# This will establish service-to-service trust in your WSL environment plus trust between
# browsers like Edge on your Host VM and aspnet web servers running on WSL
#
# Replace <YOUR-WINDOWS-USERNAME> with the same value as before
# Replace <PASSWORD> with the same value as before
dotnet dev-certs https --clean --import /mnt/c/Users/<YOUR-WINDOWS-USERNAME>/aspnetcore.pfx --password <PASSWORD>
sudo -E dotnet dev-certs https \
-ep /usr/local/share/ca-certificates/aspnet/https.crt \
--format PEM \
&& sudo update-ca-certificates
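
The STEP 0 version requirement as a scripted check, so a setup script can stop before STEP 2 and STEP 3 when OpenSSL is older than 1.1.1h. This is an added example, not part of the original gist; the function names and the sample version lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the gist: gate the later steps on the OpenSSL
# minimum from STEP 0. Function names here are assumptions.
MIN_OPENSSL="1.1.1h"

# Pull the version token out of a line printed by `openssl version`.
openssl_version_of() {
  printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2; exit }'
}

# Exit status 0 if $1 >= $2, 1 if $1 is older, 2 if $1 cannot be parsed.
# Handles 1.x letter releases ("1.1.1f") and 3.x releases ("3.0.2").
version_at_least() {
  case "$1" in ''|*[!0-9a-z.]*) return 2 ;; esac
  have_nums=${1%%[a-z]*}; have_let=${1#"$have_nums"}
  want_nums=${2%%[a-z]*}; want_let=${2#"$want_nums"}
  for i in 1 2 3; do
    h=$(printf '%s.' "$have_nums" | cut -d. -f"$i"); h=${h:-0}
    w=$(printf '%s.' "$want_nums" | cut -d. -f"$i"); w=${w:-0}
    if [ "$h" -gt "$w" ]; then return 0; fi
    if [ "$h" -lt "$w" ]; then return 1; fi
  done
  # Same numeric part: the letter suffix decides ("" < "f" < "h").
  if [ "$have_let" = "$want_let" ]; then return 0; fi
  first=$(printf '%s\n%s\n' "$have_let" "$want_let" | LC_ALL=C sort | head -n 1)
  if [ "$first" = "$want_let" ]; then return 0; fi
  return 1
}

# Print a verdict for one `openssl version` line and return the same status.
check_openssl() {
  v=$(openssl_version_of "$1")
  rc=0; version_at_least "$v" "$MIN_OPENSSL" || rc=$?
  if [ "$rc" -eq 0 ]; then
    echo "ok: OpenSSL $v meets the $MIN_OPENSSL minimum"
  else
    echo "stop: OpenSSL '${v:-unknown}' is not >= $MIN_OPENSSL, do STEP 1 first" >&2
  fi
  return "$rc"
}

# Constructed sample lines, not captured output.
for line in \
  "OpenSSL 1.1.1f  31 Mar 2020" \
  "OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)"; do
  check_openssl "$line" || true
done
```

On a real system, call `check_openssl "$(openssl version)"` and abort the remaining steps on a non-zero status.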