dotnet-dev-certs-plus 0.0.2

.NET 10.0 This package targets .NET 10.0. The package is compatible with this framework or higher. 
dotnet tool install --global dotnet-dev-certs-plus --version 0.0.2
This package contains a .NET tool you can call from the shell/command line. 
dotnet new tool-manifest
                    


                            if you are setting up this repo
                        

                    

                
dotnet tool install --local dotnet-dev-certs-plus --version 0.0.2
This package contains a .NET tool you can call from the shell/command line. 
#tool dotnet:?package=dotnet-dev-certs-plus&version=0.0.2
                    


                    

                
nuke :add-package dotnet-dev-certs-plus --version 0.0.2

dotnet-dev-certs-plus

CI NuGet License .NET

Extended functionality for the dotnet dev-certs command, including machine store and WSL support. This tool is a drop-in replacement for dotnet dev-certs https - all standard options are supported by passing through to the underlying command.

Installation

dotnet tool install --global dotnet-dev-certs-plus

Features

Full dotnet dev-certs https Compatibility

All standard dotnet dev-certs https options are supported. When no extended options (--store or --wsl) are specified, commands pass through directly to dotnet dev-certs https:

# Check if certificate exists
dotnet dev-certs-plus https --check

# Create and trust certificate
dotnet dev-certs-plus https --trust

# Export certificate to a file
dotnet dev-certs-plus https --export-path ./cert.pfx --password mypassword

# Export as PEM without password
dotnet dev-certs-plus https --export-path ./cert.pem --format Pem --no-password

# Import a certificate
dotnet dev-certs-plus https --import ./cert.pfx --password mypassword

# Clean all certificates
dotnet dev-certs-plus https --clean

# Check with machine-readable output
dotnet dev-certs-plus https --check-trust-machine-readable

Machine Store Support (--store machine)

Import the ASP.NET Core HTTPS development certificate to the system-wide certificate store. This is useful for:

  • Running ASP.NET Core applications as services
  • Scenarios where the certificate needs to be available machine-wide
  • Development with IIS or other services running under different user accounts
# Import to machine store
dotnet dev-certs-plus https --store machine

# Import and trust
dotnet dev-certs-plus https --store machine --trust

# Check if certificate exists in machine store
dotnet dev-certs-plus https --store machine --check

# Check if certificate exists and is trusted
dotnet dev-certs-plus https --store machine --check --trust

# Get certificate status as JSON (for automation)
dotnet dev-certs-plus https --store machine --check-trust-machine-readable

# Remove certificate from machine store
dotnet dev-certs-plus https --store machine --clean

# Remove without confirmation prompt
dotnet dev-certs-plus https --store machine --clean --force

Note: Machine store operations require elevated privileges (Administrator on Windows, sudo on Linux/macOS).

Platform-specific behavior
Platform Import Location Trust Location
Windows LocalMachine\My store LocalMachine\Root store
Linux /usr/local/share/ca-certificates/ Same (runs update-ca-certificates)
macOS System Keychain System Keychain with trust settings

WSL Support (--wsl)

Import the ASP.NET Core HTTPS development certificate from your Windows host into a WSL distribution. This enables HTTPS development scenarios where you're running .NET applications inside WSL but want to use the same certificate as your Windows host.

# Import to default WSL distribution
dotnet dev-certs-plus https --wsl

# Import and trust in WSL
dotnet dev-certs-plus https --wsl --trust

# Import to a specific WSL distribution
dotnet dev-certs-plus https --wsl ubuntu

# Import and trust in a specific distribution
dotnet dev-certs-plus https --wsl ubuntu --trust

# Check certificate status in WSL
dotnet dev-certs-plus https --wsl --check

# Check in specific distribution
dotnet dev-certs-plus https --wsl ubuntu --check --trust

# Get certificate status as JSON (for automation)
dotnet dev-certs-plus https --wsl --check-trust-machine-readable

# Remove certificate from default WSL distribution
dotnet dev-certs-plus https --wsl --clean

# Remove certificate from specific distribution
dotnet dev-certs-plus https --wsl ubuntu --clean

# Remove without confirmation prompt
dotnet dev-certs-plus https --wsl --clean --force

Note: The dotnet CLI must be installed in the WSL distribution.

Command Reference

dotnet dev-certs-plus https [options]

Standard Options (passed through to dotnet dev-certs https):
  -ep, --export-path <path>       Full path to the exported certificate
  -p, --password <password>       Password for PFX export or PEM key encryption
  -np, --no-password              No password for PEM export
  --format <Pfx|Pem>              Export format (default: Pfx)
  -i, --import <path>             Import certificate from file
  -c, --check                     Check certificate status (don't create)
  --clean                         Remove all HTTPS development certificates
  -t, --trust                     Trust the certificate
  -v, --verbose                   Display more debug information
  -q, --quiet                     Display warnings and errors only
  --check-trust-machine-readable  Output check --trust results as JSON

Extended Options:
  --store <machine>               Import cert to the machine store
  --wsl [<distro>]                Import cert to WSL distro (Windows only)
  --force                         Skip confirmation prompt when cleaning
  --check-update                  Check if a new version is available

  -h, --help                      Show help

Update Checking

The tool automatically checks for updates in the background and notifies you when a new version is available:

⚠ A new version of dotnet-dev-certs-plus is available: 1.0.0
  Update with: dotnet tool update -g dotnet-dev-certs-plus

How It Works

  • A background check runs at most once every 15 minutes
  • State is stored in ~/.dotnet-dev-certs-plus/
  • Update notifications appear after command execution (not in quiet mode)

Manual Check

dotnet dev-certs-plus https --check-update

Disable Update Checking

Set the environment variable to disable all update checking:

# Windows PowerShell
$env:DOTNET_DEV_CERTS_PLUS_DISABLE_UPDATE_CHECK = "1"

# Linux/macOS
export DOTNET_DEV_CERTS_PLUS_DISABLE_UPDATE_CHECK=1

Version Sources

Your Build Type Checked Sources
Dev build (dev. in version) GitHub Packages + NuGet.org
Pre-release NuGet.org only
Stable NuGet.org only

Note: Dev build checks require GitHub authentication via GITHUB_TOKEN environment variable or gh CLI.

Exit Codes

Code Description
0 Success
1 General error
2 Certificate not found (with --check)
3 Certificate not trusted (with --check --trust)
4 dotnet not available in WSL

Technical Details

Machine Store

  1. Checks if the dev certificate exists on the host, creating it if necessary
  2. Exports the certificate to a temporary file
  3. Imports to the system certificate store:
    • Windows: LocalMachine\My store (with private key)
    • Linux: /usr/local/share/ca-certificates/ as PEM
    • macOS: System Keychain
  4. If --trust is specified:
    • Windows: Also imports to LocalMachine\Root store (without private key)
    • Linux: Runs update-ca-certificates to update system trust
    • macOS: Adds trust settings for SSL
  5. Cleans up the temporary file

WSL

  1. Checks if the dev certificate exists on the Windows host, creating it if necessary
  2. Exports the certificate to a temporary file
  3. Runs dotnet dev-certs https --import inside the WSL distribution
  4. If --trust is specified, includes --trust in the WSL command
  5. Cleans up the temporary file

Requirements

  • .NET 10 SDK or later
  • Elevated privileges for machine store operations:
    • Windows: Run as Administrator
    • Linux: Use sudo (requires update-ca-certificates command)
    • macOS: Use sudo (uses security command)
  • Windows only for WSL features
  • WSL with .NET SDK installed (for WSL features)

License

MIT

Product Compatible and additional computed target framework versions.
.NET net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

This package has no dependencies.

Version Downloads Last Updated
0.0.2 116 1/26/2026
0.0.2-pre.1.rel 51 1/26/2026
0.0.1 91 1/26/2026
0.0.1-pre.11.rel 57 1/26/2026
0.0.1-pre.10.rel 55 1/24/2026
0.0.1-pre.9.rel 56 1/24/2026
0.0.1-pre.8.rel 56 1/24/2026
0.0.1-pre.7.rel 54 1/24/2026
0.0.1-pre.6.rel 59 1/23/2026
0.0.1-pre.5.rel 50 1/23/2026
0.0.1-pre.4.rel 53 1/23/2026
0.0.1-pre.3.rel 51 1/23/2026
0.0.1-pre.2.rel 55 1/23/2026