Skip to content

Add support for automatically adding the dev cert to the Windows certificate store when trusted in WSL #64966

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
danegsta wants to merge 10 commits into
base: main
Choose a base branch
from
Open

Add support for automatically adding the dev cert to the Windows certificate store when trusted in WSL #64966

danegsta wants to merge 10 commits into from
+98 −0

Conversation

@danegsta
Copy link
Member

@danegsta danegsta commented Jan 7, 2026

Add support for automatically adding the dev cert to the Windows certificate store when trusted in WSL

When trusting the dev cert in WSL, also trust it in the Windows cert store.

Description

Updates Unix certificate trust behavior to check if running in WSL in interop mode based on well known file paths and environment variables. If so, attempt to use Windows powershell to add the dev cert to the Windows certificate store (under currentuser/root) as well with the friendly name "ASP.NET Core HTTPS development certificate (WSL)". This will allow Windows applications (particularly browsers) to trust local development traffic from .NET applications running in WSL.

Adding the certificate to only currentuser/root will allow the WSL certificate to be trusted, but Kestrel running on Windows won't attempt to use the certificate as it only looks for the dev cert in currentuser/my, so if the user wants to run dotnet apps on Windows they'd still need to run dotnet dev-certs https --trust on the Windows side to enable serving with the dev cert.

image

Fixes #45208

@danegsta danegsta linked an issue Jan 7, 2026 that may be closed by this pull request
Add support to dotnet dev-certs for managing HTTPS certs in WSL #45208
Open
@github-actions github-actions bot added the area-commandlinetools Includes: Command line tools, dotnet-dev-certs, dotnet-user-jwts, and OpenAPI label Jan 7, 2026
Copilot AI reviewed Jan 7, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

Copilot AI mentioned this pull request Jan 7, 2026
Merged
4 tasks
Copy link
Contributor

Copilot AI commented Jan 7, 2026

@danegsta I've opened a new pull request, #64969, to work on those changes. Once the pull request is ready, I'll request review from you.

@danegsta danegsta mentioned this pull request Jan 7, 2026
Merged
DamianEdwards
DamianEdwards reviewed Jan 7, 2026
View reviewed changes
@build-analysis build-analysis bot mentioned this pull request Jan 7, 2026
Open
This was referenced Jan 8, 2026
Open
Open
Open
Open
BrennanConroy
BrennanConroy approved these changes Jan 8, 2026
View reviewed changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DamianEdwards DamianEdwards DamianEdwards approved these changes

Copilot code review Copilot Copilot left review comments

@BrennanConroy BrennanConroy BrennanConroy approved these changes

@halter73 halter73 Awaiting requested review from halter73

@adityamandaleeka adityamandaleeka Awaiting requested review from adityamandaleeka

Assignees

No one assigned

Labels

area-commandlinetools Includes: Command line tools, dotnet-dev-certs, dotnet-user-jwts, and OpenAPI

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add support to dotnet dev-certs for managing HTTPS certs in WSL

4 participants

@danegsta @DamianEdwards @BrennanConroy