In the ever-evolving world of web development, security is paramount. Here we provide a step-by-step guide to not only installing the .NET Software Development Kit (SDK) on Fedora, but also generating an SSL Certificate for your .NET apps, thus ensuring secure connections between client and server.
Part 1: Installing the .NET SDK on Fedora
Our first step is to install the .NET SDK. The .NET SDK is a set of libraries and tools that allow developers to create .NET apps and libraries. It is the foundation for building applications and libraries with .NET Core.
Here’s how you can install the .NET SDK on your Fedora system:
- Open a terminal window.
- Input the following command:
sudo dnf install dotnet-sdk-7.0
- Press
Enter
. You might be asked for your password; if so, provide it and pressEnter
again. - Let the installation process finish.
After the completion of the above steps, the .NET SDK should be installed successfully on your Fedora system.
Part 2: Creating an SSL Certificate for Your .NET Apps
Creating an SSL certificate for your .NET applications can enhance the security of your applications. Here’s how you can generate an SSL certificate:
- First, we need to install Easy-RSA, a CLI utility to build and manage a PKI CA. Run this command:
sudo dnf install easy-rsa
- Now, navigate to the home directory and create a new directory
.easyrsa
with permissions set to700
:cd ~ mkdir .easyrsa chmod 700 .easyrsa
- Copy the Easy-RSA scripts to our newly created directory:
cd .easyrsa cp -r /usr/share/easy-rsa/3/* ./
- Initialize the Public Key Infrastructure:
./easyrsa init-pki
- We need to set some variables for our certificate. Create a new file called
vars
and add the following details in it (You can modify these details according to your requirement):cat << EOF > vars set_var EASYRSA_REQ_COUNTRY "US" set_var EASYRSA_REQ_PROVINCE "Texas" set_var EASYRSA_REQ_CITY "Houston" set_var EASYRSA_REQ_ORG "Development" set_var EASYRSA_REQ_EMAIL "[email protected]" set_var EASYRSA_REQ_OU "LocalDevelopment" set_var EASYRSA_ALGO "ec" set_var EASYRSA_DIGEST "sha512" EOF
- Now build the CA with
nopass
option to not secure the CA key with a passphrase:./easyrsa build-ca nopass
- Copy the generated certificate to the trusted CA directory and update the CA trust on your system:
sudo cp ./pki/ca.crt /etc/pki/ca-trust/source/anchors/easyrsaca.crt sudo update-ca-trust
- Generate a new key and a certificate signing request for localhost:
mkdir req cd req openssl genrsa -out localhost.key openssl req -new -key localhost.key -out localhost.req -subj /C=US/ST=Texas/L=Houston/O=Development/OU=LocalDevelopment/CN=localhost cd ..
- Import the certificate signing request and sign it:
./easyrsa import-req ./req/localhost.req localhost ./easyrsa sign-req server localhost
- Now, move the server certificate and key to a new directory
.certs
and convert the certificate to PKCS#12 format:cd ~ mkdir .certs cp .easyrsa/pki/issued/localhost.crt .certs/localhost.crt cp .easyrsa/req/localhost.key .certs/localhost.key cd .certs openssl pkcs12 -export -out localhost.pfx -inkey localhost.key -in localhost.crt
- Lastly, add the path and the password for the certificate in the
.bashrc
file so the .NET Core Kestrel server can find it (replaceYOUR_USERNAME
with your actual username andPASSWORD
with the password you want to use for your certificate):cat << EOF >> ~/.bashrc # .NET export ASPNETCORE_Kestrel__Certificates__Default__Password="PASSWORD" export ASPNETCORE_Kestrel__Certificates__Default__Path="/home/YOUR_USERNAME/.certs/localhost.pfx" EOF
And that’s it! You’ve now installed the .NET SDK and generated an SSL certificate for your .NET apps. Your applications are not only more secure but also more professional, creating trust with users who value their data privacy and security.