Print warning when using certificate from %APPDATA%\ASP.NET\Https

[maloo]

Is there an existing issue for this?

• I have searched the existing issues

Is your feature request related to a problem? Please describe the problem.

When debugging an ASP.NET Core app that has an old certificate lingering in %APPDATA%\ASP.NET\Https Kestrel picks up this certificate without any warning to user and finding this certificate is not easy since the certificate is not in the normal certificate store in Windows. Also, dotnet dev-certs command doesn't warn about or clear this certificate when using the --clean/-trust to try and fix the certificate error.

Describe the solution you'd like

At least print a Warning in the log at startup when this special certificate is used instead of the normal dev cert.
Make dotnet dev-cert command print a warning about this when checking the dev-cert status and make --clean remove it.

Additional context

No response

[amcasey]

Since that's a supported way to specify the dev certificate, it would be hard to print a warning. We could certainly log something at Debug or possibly Information, if that would be helpful.

[amcasey]

I'd be a little nervous about making dev-certs --clean delete such a certificate since it doesn't, as far as I recall, put one there. That is, it could only be deleting a certificate created by another user or tool.

Do you happen to know how that certificate ended up there?

[amcasey]

And, as I suppose I should have begun, I'm sorry you were bitten by that - automatic functionality like that is frustrating to debug.

[maloo]

Anything you could do would be great. Right now it is terrible user experience. Printing Debjg/Info would be great. Having dev-certs warn you would be great. Add a warning in docs would be great.

Not sure where I got it from, I think it is related to IIS. In general I think it would be good if kestrel would print Info/Debug about what cert it picked for an endpoint.