This took way too long to figure out:
- go to your dotnet project
- run
dotnet dev-certs https --format PEM -ep server.crt
note: the file name does not matter
- cat that out and copy it to your clipboard
cat server.crt
or pipe to clip
- in your NixOS config:
security.pki.certificates = [
  ''
    -----BEGIN CERTIFICATE-----
    paste here
    -----END CERTIFICATE-----
  ''
];
- do a sudo nixos-rebuild switch
- you might need to reboot. On your next dotnet run you will still see the warning saying your cert is not trusted; this can be ignored.
Note: this is only for service-to-service calls. For Chrome or anything like that you will need to deal with this differently. I strongly recommend doing
chromium --allow-insecure-localhost localhostURL
to deal with that.
So why does this one work and not the other one?
Well, this comment seems to mention that certificateFiles requires a Certificate Authority (CA), but these dev certs do not have one. So somehow, some way, self-signed certs work with this config option and not the other (check the comment; there might be an explanation there).
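Since dotnet run keeps printing the "not trusted" warning even when the setup worked, a direct check after nixos-rebuild switch is to look for the exported certificate in the system bundle. The script below is an added example, not part of the original post; the function names are made up here, the default bundle path /etc/ssl/certs/ca-certificates.crt is an assumption, and the data in demo is constructed, not a real certificate.

```shell
#!/bin/sh
# Added example: is the exported dev certificate present in a CA bundle?

# Print the base64 body of every certificate in a PEM file, one per line,
# with whitespace removed so indentation and line wrapping do not matter.
pem_bodies() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { body = ""; inside = 1; next }
        /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
        inside { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1"
}

# Exit 0 if the first certificate in $1 also appears in bundle $2,
# 1 if it does not, 2 if $1 contains no certificate at all.
cert_in_bundle() {
    want=$(pem_bodies "$1" | head -n 1)
    [ -n "$want" ] || return 2
    pem_bodies "$2" | grep -Fxq -- "$want"
}

# Constructed sample data (not real certificates): the same body, wrapped
# and indented differently, must still be found in the bundle.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQt' \
        'REVWLUNFUlQ=' '-----END CERTIFICATE-----' > "$d/server.crt"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'T1RIRVItQ0E=' \
        '-----END CERTIFICATE-----' '  -----BEGIN CERTIFICATE-----' \
        '  Q09OU1RSVUNURUQtREVWLUNFUlQ=' \
        '  -----END CERTIFICATE-----' > "$d/bundle.crt"
    rc=0
    cert_in_bundle "$d/server.crt" "$d/bundle.crt" || rc=$?
    rm -rf "$d"
    return "$rc"
}

# Usage: sh check-cert.sh server.crt [bundle]
if [ "$#" -ge 1 ]; then
    bundle=${2:-/etc/ssl/certs/ca-certificates.crt}  # assumed NixOS default
    if cert_in_bundle "$1" "$bundle"; then
        echo "found: $1 is in $bundle"
    else
        echo "missing: $1 is not in $bundle" >&2
        exit 1
    fi
fi
```

A "missing" result after the rebuild usually means the pasted block in the config differs from the exported file, so re-export and paste again.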