MacOS Sequoia cannot run OpenIddict Authserver #8115


sjc created
  • ABP Framework version: v7.3.3 and v8.3.0

  • UI Type: Angular

  • Database System: EF Core (PostgreSQL)

  • Tiered (for MVC) or Auth Server Separated (for Angular): Auth Server Separated

  • Exception message and full stack trace:

An error has occurred generating the certificate: Interop+AppleCrypto+AppleCommonCryptoCryptographicException: The specified item is no longer valid. It may have been deleted from the keychain.
   at Interop.AppleCrypto.X509CopyWithPrivateKey(SafeSecCertificateHandle certHandle, SafeSecKeyRefHandle privateKeyHandle, SafeKeychainHandle targetKeychain)
   at System.Security.Cryptography.X509Certificates.AppleCertificatePal.CopyWithPrivateKey(SafeSecKeyRefHandle privateKey)
   at System.Security.Cryptography.X509Certificates.AppleCertificatePal.CopyWithPrivateKey(RSA privateKey)
   at System.Security.Cryptography.X509Certificates.RSACertificateExtensions.CopyWithPrivateKey(X509Certificate2 certificate, RSA privateKey)
   at System.Security.Cryptography.X509Certificates.CertificateRequest.CreateSelfSigned(DateTimeOffset notBefore, DateTimeOffset notAfter)
   at Microsoft.AspNetCore.Certificates.Generation.CertificateManager.CreateSelfSignedCertificate(X500DistinguishedName subject, IEnumerable`1 extensions, DateTimeOffset notBefore, DateTimeOffset notAfter)
   at Microsoft.AspNetCore.Certificates.Generation.CertificateManager.CreateAspNetCoreHttpsDevelopmentCertificate(DateTimeOffset notBefore, DateTimeOffset notAfter)
   at Microsoft.AspNetCore.Certificates.Generation.CertificateManager.EnsureAspNetCoreHttpsDevelopmentCertificate(DateTimeOffset notBefore, DateTimeOffset notAfter, String path, Boolean trust, Boolean includePrivateKey, String password, CertificateKeyExportFormat keyExportFormat, Boolean isInteractive).

  • Steps to reproduce the issue:

Use MacOS Sequoia. Run a fresh ABP commercial server with openiddict configured.

Related:

  • https://github.com/dotnet/runtime/issues/106775
  • https://github.com/dotnet/announcements/issues/324

Given the latest updates to MacOS, it is now impossible to read any sort of certs. This is because ABP is using the X509 certificate encryption under the hood.

Is there anything that can be implemented into ABP to allow our certs to work?


3 Answer(s)
  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    You can check this https://github.com/abpframework/abp/issues/20920

  • sjc created

    Hi,

    You can check this https://github.com/abpframework/abp/issues/20920

    Unfortunately abp/dotnet 7 does not have AddProductionEncryptionAndSigningCertificate. Is there any other way?

  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Unfortunately no, because it's Microsoft's bug and there's nothing ABP can do. You can try upgrading your project.

Made with ❤️ on ABP v9.1.0-preview. Updated on January 02, 2025, 07:06