Auto-generate self-signed certificates in Kestral

[hitchhiker]

I have no need for TLS security, but MS is removing HTTP, here's my use case:
https://github.com/NuGet/docs.microsoft.com-nuget/issues/3295

Would it be possible to allow Kestral to generate a self-signed certificate, to eliminate the need for extra configuration / maintenance?

An example of that: https://itniels.com/2020/05/19/aspnet-core-starting-kestrel-with-generated-selfsigned-certificate/

[seriouz]

@hitchhiker So far I haven't thought about what exactly happens if Microsoft disables http access completely. If they still check the validity of certificates, we really have to come up with something clever.

[hitchhiker]

Hey @seriouz - they have a flag that they've added to 8.0.400 that will allow us to skip validation, I don't know if that includes HTTP (and can't find information on it yet).

disableTLSCertificateValidation=true

While it would be better for folks in our context to just to use HTTP (as self-hosted, in a private network we have no use for TLS), if the flag doesn't allow that it will at least allow us to use a self-signed / temporary / self-generated cert.

NuGet/Home#13478

[seriouz]

Thank you for this information.
I think we'll go for: Allowing to add custom certs. And when none is found, a self signed will be used.
Probably we could add a notice to the ui explaining the disableTLSCertificateValidation=true property.

[hitchhiker]

https://github.com/NuGet/docs.microsoft.com-nuget/issues/3295#issuecomment-2125360562

They replied, the flag 'allowInsecureConnections' (available already) suppresses the warnings / errors and allow the process to continue with HTTP. I tried it, and it's working as expected. I am publishing with a local HTTP feed without issue.

Thanks for your time, and this refreshed project!