Today, I was trying to run one of our apps locally. It's a fairly small service, that's only receiving updates every few months, and all the testing and deployment happens in CI, so it hasn't been run locally for quite some time. But, when I started it, it tried to serve an expired certificate, so Chrome showed me a warning about the site not being secure.

With ASP.NET Core, the development workflow is quite nice. You can easily use self signed certificates for working with localhost, and dotnet takes care of managing all that. Yet, somehow, it served me a certificate that expired almost three years ago. Even after regenerating the dev certificates locally, I had the same error, so I looked into the configuration.

Turns out, I had this configuration option set in the user secrets on that machine: kestrel:certificates:development:password

User secrets are a way of managing not really sensitive but developer or machine specific configs for ASP.NET Core projects. The option above, with using a set password for a certificate, resulted in the app not automatically choosing the current dev certificate but instead one that expired long ago. So, quick fix when you know where to look😀

Happy encrypting!