How to fix "The provided certificate file is not a valid PFX file" with dotnet dev-certs https import on macOS
1 min read

How to fix "The provided certificate file is not a valid PFX file" with dotnet dev-certs https import on macOS

How to fix "The provided certificate file is not a valid PFX file" with dotnet dev-certs https import on macOS

This is a relly short post that addresses an error with dotnet dev-certs https --import on macOS.

You would typically use dotnet dev-certs https --trust to generate your ASP.NET development certificates and be done with it. But sometimes you need to generate your own certificate or share a certificate between several environments. Normally, you would import an external certificate with dotnet dev-certs https --clean --import, but unfortunately you get an error executing this command on macOS (at least at the time of writing on .NET SDK 6.0.202).

Assuming, you have your certificate exported to PFX format, you can import it manually with (replacing <CERT> with cert file name and <CERT_PASSWORD> with exported certificate password):

security import <CERT>.pfx \
  -k ${HOME}/Library/Keychains/login.keychain-db \
  -t cert -f pkcs12 -P <CERT_PASSWORD> -A

This is the exact command that dotnet dev-certs tries to perform, but fails.

Beware, that at this point your certificate is imported, but still not trusted. You can use standard dotnet dev-certs command to trust it:

dotnet dev-certs https --trust

If you want to dig deeper into ASP.NET development certificates, visit an excellent post by Chris Klug.