Create a page describing how to setup HTTPS #3310

Open
1 task
danroth27 opened this issue May 4, 2017 · 6 comments
Labels
doc-enhancement re-Aditya @adityamandaleeka must review

@danroth27
Member

danroth27 commented May 4, 2017

  • How to create the certificate cross platform?
  • How to configure Kestrel to use that certificate in production/development?
  • How to make sure that certificate is trusted by the browser during development (like we do with the IIS Express certificate)?
  • Provide URL for fwlink

Skype meeting with Dan and Javier on outline

javiercn to review.

Edit:
This needs to go in Enforce HTTPS in an ASP.NET Core
The first time you run dotnet after installing the SDK you get this message:
    Successfully installed the ASP.NET Core HTTPS Development Certificate.
    To trust the certificate run 'dotnet dev-certs https --trust' (Windows and macOS only). For establishing trust on other platforms please refer to the platform specific documentation.
    For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.

@Rick-Anderson Rick-Anderson added this to the 2017-Q2 milestone May 5, 2017
@Rick-Anderson Rick-Anderson removed this from the 2017-Q2 milestone Sep 27, 2017
@Rick-Anderson Rick-Anderson removed their assignment Oct 5, 2017
@Rick-Anderson Rick-Anderson added this to the Backlog milestone Oct 5, 2017
@Rick-Anderson Rick-Anderson assigned scottaddie and unassigned danroth27 Apr 9, 2018
@Rick-Anderson Rick-Anderson added 2.1 and removed Pri1 labels Apr 11, 2018
@danroth27
Member Author

danroth27 commented May 3, 2018

@Rick-Anderson edit: Copied this to new issue #6199

We also need to cover how to set up the dev certificate when using Docker in development:

  • Create an application on Visual Studio using the MVC template.
  • Run the app to ensure it's working.
  • Add Docker support for the application through the tooling.
  • Modify the Dockerfile to expose the port 443 with
    EXPOSE 443
  • Modify the docker-compose override file to map ports, volumes and environment variables as follows (this will all be unnecessary after docker tooling has support for HTTPS):
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://localhost;http://localhost
      - ASPNETCORE_HTTPS_PORT=44349
    ports:
      # Replace the values on the left by the values on your launchSettings.json
      - "51217:80"
      - "44349:443"
    volumes:
      - ${APPDATA}/Microsoft/UserSecrets/:/root/.microsoft/usersecrets
      - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https/
  • Export the HTTPS certificate into a PFX file using the dev-certs global tool to %APPDATA%/ASP.NET/Https/<>.pfx using a password of your choice (recommended password new-guid on PowerShell)
  • On your project, open user secrets and add the following configuration keys:
    {
        "Kestrel": {
            "Certificates": {
                "Default": {
                    "Path":     "/root/.aspnet/https/<<AppName>>.pfx",
                    "Password": "<<Your-Password>>"
                }
            }
        }
    }
  • Run your application within the container.
  • Navigate to the HTTP endpoint on your application
    • You should not see any warning about the HTTPS certificate being invalid.
    • You should be redirected to the HTTPS endpoint automatically.
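
The export and user-secrets steps from the comment above, written out as a PowerShell script. This is an added example, not part of the original comment or the project's tooling; MyApp is a placeholder project name, and the project is assumed to already have a UserSecretsId.

```powershell
# Added example. Run from the project directory on Windows.
# Assumptions: 'MyApp' is a hypothetical project name and the project
# already has a UserSecretsId configured.
$appName  = 'MyApp'
$certDir  = Join-Path $env:APPDATA 'ASP.NET\Https'   # host side of the /root/.aspnet/https/ volume
$pfxPath  = Join-Path $certDir "$appName.pfx"
$password = (New-Guid).ToString()                    # random password, as the steps recommend

# Export the development certificate, private key included, to the PFX file.
New-Item -ItemType Directory -Force -Path $certDir | Out-Null
dotnet dev-certs https -ep $pfxPath -p $password
if ($LASTEXITCODE -ne 0) { throw 'dotnet dev-certs could not export the certificate.' }

# Store the in-container path and the password in user secrets,
# so neither ends up in appsettings.json or in source control.
dotnet user-secrets set 'Kestrel:Certificates:Default:Path' "/root/.aspnet/https/$appName.pfx"
dotnet user-secrets set 'Kestrel:Certificates:Default:Password' $password

# Check the exported file before starting the container: it must open with
# the password, carry a private key, and still be inside its validity period.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxPath, $password)
if (-not $cert.HasPrivateKey) { throw 'PFX has no private key; Kestrel cannot serve HTTPS with it.' }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }
'{0} valid until {1:u}, thumbprint {2}' -f $cert.Subject, $cert.NotAfter, $cert.Thumbprint
```

The file name passed to the export must match the name in the Kestrel:Certificates:Default:Path secret, because the container only sees the file through the volume mapping.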

@javiercn
Member

@richlander did a great job covering this for the docker images and samples, so you should definitely reuse his doc and expand a bit on it. https://github.com/dotnet/dotnet-docker/pull/545/files

@Rick-Anderson
Contributor

Per @javiercn
We need to have a doc on how to do it with the tool and also how to do it manually in a platform idiomatic way on each platform.

  • powershell/trust cert store in windows
  • openssl/keychain on OSX
  • openssl/<> on Linux (At least Ubuntu, RedHat if possible)

@Rick-Anderson
Contributor

@scottaddie can you put this on your priority list?

@scottaddie
Member

@Rick-Anderson I have some more eBook work to do today, but I can look at it next week.

@Rick-Anderson Rick-Anderson modified the milestones: Sprint 139 (July 23 - Aug 10), Sprint 141 (9/3 to 9/21) Aug 15, 2018
@scottaddie scottaddie modified the milestones: Sprint 141 (9/3 to 9/21), Backlog Sep 24, 2018
@Rick-Anderson Rick-Anderson added the Pri0 Urgent priority label Jan 18, 2019
@Rick-Anderson Rick-Anderson removed the PU label Mar 5, 2019
@ma1f

ma1f commented Apr 11, 2019

I describe how to set up a base docker image for dotnet core 2.2 with https & http/2 (as well as brotli) here - https://medium.com/@ma1f/docker-dotnet-3d979f56efe6
Key environment settings as follows - no need to set up listener in startup with ports etc.

ENV Kestrel:Certificates:Default:Path=/etc/ssl/private/cert.pfx
ENV Kestrel:Certificates:Default:Password=changeit
ENV Kestrel:Certificates:Default:AllowInvalid=true
ENV Kestrel:EndPointDefaults:Protocols=Http1AndHttp2
