From 537fef462d29afe11971a44e320f121382a4bf73 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 29 Mar 2026 22:16:21 +0000 Subject: [PATCH 1/6] Update dotnet dev-certs doc for .NET 10 SANs Agent-Logs-Url: https://github.com/dotnet/docs/sessions/2920f9eb-68e7-4447-b9d5-0cc98278e858 Co-authored-by: DamianEdwards <249088+DamianEdwards@users.noreply.github.com> --- docs/core/tools/dotnet-dev-certs.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/docs/core/tools/dotnet-dev-certs.md b/docs/core/tools/dotnet-dev-certs.md index 13c71aa0913d7..17138a98ae377 100644 --- a/docs/core/tools/dotnet-dev-certs.md +++ b/docs/core/tools/dotnet-dev-certs.md @@ -1,7 +1,8 @@ --- title: dotnet dev-certs command description: The dotnet dev-certs command generates a self-signed certificate to enable HTTPS use in development. -ms.date: 09/29/2025 +ms.date: 03/29/2026 +ai-usage: ai-assisted --- # dotnet dev-certs @@ -54,6 +55,18 @@ The `dotnet dev-certs` command manages a self-signed certificate to enable HTTPS By default, the newly created certificate is not trusted. To trust the certificate, use the `--trust` option. + In .NET 10 and later, the generated ASP.NET Core development certificate includes these subject alternative names (SANs), which lets you use the certificate in container-based local development scenarios: + + | Type | Value | + |--|--| + | DNS name | `localhost` | + | DNS name | `*.dev.localhost` | + | DNS name | `*.dev.internal` | + | DNS name | `host.docker.internal` | + | DNS name | `host.containers.internal` | + | IP address | `127.0.0.1` | + | IP address | `0000:0000:0000:0000:0000:0000:0000:0001` | + To create a file that you can use with other tools, use the `--export-path` option. ## Options @@ -137,6 +150,8 @@ The `dotnet dev-certs` command manages a self-signed certificate to enable HTTPS Trusts the certificate on the local machine. + In .NET 10 and later, if you run this option inside a Windows Subsystem for Linux (WSL) instance, the command also trusts the certificate on the Windows host. + If this option isn't specified, the certificate is added to the certificate store but not to a trusted list. When combined with the `--check` option, validates that the certificate is trusted. From a604bbc92555097188ebc0d05242535f0e3518cd Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 29 Mar 2026 22:33:26 +0000 Subject: [PATCH 2/6] Clarify dev cert SAN guidance Agent-Logs-Url: https://github.com/dotnet/docs/sessions/ad4ef331-2cc7-435c-ab97-f78b690b968a Co-authored-by: DamianEdwards <249088+DamianEdwards@users.noreply.github.com> --- docs/core/tools/dotnet-dev-certs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/core/tools/dotnet-dev-certs.md b/docs/core/tools/dotnet-dev-certs.md index 17138a98ae377..fb330622cf226 100644 --- a/docs/core/tools/dotnet-dev-certs.md +++ b/docs/core/tools/dotnet-dev-certs.md @@ -55,7 +55,7 @@ The `dotnet dev-certs` command manages a self-signed certificate to enable HTTPS By default, the newly created certificate is not trusted. To trust the certificate, use the `--trust` option. - In .NET 10 and later, the generated ASP.NET Core development certificate includes these subject alternative names (SANs), which lets you use the certificate in container-based local development scenarios: + In .NET 10 and later, the generated ASP.NET Core development certificate includes these subject alternative names (SANs). The `*.dev.localhost` SAN lets you use the certificate with `*.dev.localhost` hostnames for local development. The `host.docker.internal` and `host.containers.internal` SANs let you use the certificate in container-based local development scenarios: | Type | Value | |--|--| From cba9e596c1c2106e6e70ee94b11226b18d94bc40 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 29 Mar 2026 22:33:56 +0000 Subject: [PATCH 3/6] Improve dev cert SAN wording Agent-Logs-Url: https://github.com/dotnet/docs/sessions/ad4ef331-2cc7-435c-ab97-f78b690b968a Co-authored-by: DamianEdwards <249088+DamianEdwards@users.noreply.github.com> --- docs/core/tools/dotnet-dev-certs.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/core/tools/dotnet-dev-certs.md b/docs/core/tools/dotnet-dev-certs.md index fb330622cf226..c7fe8eac4c784 100644 --- a/docs/core/tools/dotnet-dev-certs.md +++ b/docs/core/tools/dotnet-dev-certs.md @@ -55,7 +55,9 @@ The `dotnet dev-certs` command manages a self-signed certificate to enable HTTPS By default, the newly created certificate is not trusted. To trust the certificate, use the `--trust` option. - In .NET 10 and later, the generated ASP.NET Core development certificate includes these subject alternative names (SANs). The `*.dev.localhost` SAN lets you use the certificate with `*.dev.localhost` hostnames for local development. The `host.docker.internal` and `host.containers.internal` SANs let you use the certificate in container-based local development scenarios: + In .NET 10 and later, the generated ASP.NET Core development certificate includes these subject alternative names (SANs). + + The `*.dev.localhost` SAN lets you use the certificate with `*.dev.localhost` hostnames for local development. The `host.docker.internal` and `host.containers.internal` SANs let you use the certificate in container-based local development scenarios: | Type | Value | |--|--| From 8d9065b47c1174daace7382b2e0e04a7f8f6e27e Mon Sep 17 00:00:00 2001 From: Damian Edwards Date: Sun, 29 Mar 2026 15:57:57 -0700 Subject: [PATCH 4/6] Update docs/core/tools/dotnet-dev-certs.md --- docs/core/tools/dotnet-dev-certs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/core/tools/dotnet-dev-certs.md b/docs/core/tools/dotnet-dev-certs.md index c7fe8eac4c784..45b86ae20c44f 100644 --- a/docs/core/tools/dotnet-dev-certs.md +++ b/docs/core/tools/dotnet-dev-certs.md @@ -57,7 +57,7 @@ The `dotnet dev-certs` command manages a self-signed certificate to enable HTTPS In .NET 10 and later, the generated ASP.NET Core development certificate includes these subject alternative names (SANs). - The `*.dev.localhost` SAN lets you use the certificate with `*.dev.localhost` hostnames for local development. The `host.docker.internal` and `host.containers.internal` SANs let you use the certificate in container-based local development scenarios: + The `*.dev.localhost` and `*.dev.internal` SANs lets you use the certificate with `*.dev.localhost` and `*.dev.internal` hostnames for local development. The `host.docker.internal` and `host.containers.internal` SANs let you use the certificate in container-based local development scenarios: | Type | Value | |--|--| From 20809641a74902d88450105a8d308fb0374bda6f Mon Sep 17 00:00:00 2001 From: Damian Edwards Date: Sun, 29 Mar 2026 15:58:29 -0700 Subject: [PATCH 5/6] Apply suggestion from @Copilot Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- docs/core/tools/dotnet-dev-certs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/core/tools/dotnet-dev-certs.md b/docs/core/tools/dotnet-dev-certs.md index 45b86ae20c44f..c14220005ca9b 100644 --- a/docs/core/tools/dotnet-dev-certs.md +++ b/docs/core/tools/dotnet-dev-certs.md @@ -60,7 +60,7 @@ The `dotnet dev-certs` command manages a self-signed certificate to enable HTTPS The `*.dev.localhost` and `*.dev.internal` SANs lets you use the certificate with `*.dev.localhost` and `*.dev.internal` hostnames for local development. The `host.docker.internal` and `host.containers.internal` SANs let you use the certificate in container-based local development scenarios: | Type | Value | - |--|--| + | --- | --- | | DNS name | `localhost` | | DNS name | `*.dev.localhost` | | DNS name | `*.dev.internal` | From 69bc2a30ee3ada55b407ef30deb03521dad743f3 Mon Sep 17 00:00:00 2001 From: Bill Wagner Date: Mon, 30 Mar 2026 07:59:43 -0400 Subject: [PATCH 6/6] Update docs/core/tools/dotnet-dev-certs.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>