From 1dcbca79f9884fdd2424231838e2d7e093d7b521 Mon Sep 17 00:00:00 2001
From: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com>
Date: Mon, 9 Sep 2024 13:15:52 -1000
Subject: [PATCH] WN: certs /5 (#33564)

* WN: certs /5

* WN: certs /5

* WN: certs /5

* WN: certs /5

* react to feedback

* react to feedback

* react to feedback

* react to feedback

* react to feedback

* react to feedback

* Update aspnetcore/release-notes/aspnetcore-9/includes/trust_dev_cert_linux.md

Co-authored-by: Andrew Casey <amcasey@users.noreply.github.com>

---------

Co-authored-by: Andrew Casey <amcasey@users.noreply.github.com>
---
 .../includes/trust_dev_cert_linux.md          | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 aspnetcore/release-notes/aspnetcore-9/includes/trust_dev_cert_linux.md

diff --git a/aspnetcore/release-notes/aspnetcore-9/includes/trust_dev_cert_linux.md b/aspnetcore/release-notes/aspnetcore-9/includes/trust_dev_cert_linux.md
new file mode 100644
index 0000000000..cdac747d54
--- /dev/null
+++ b/aspnetcore/release-notes/aspnetcore-9/includes/trust_dev_cert_linux.md
@@ -0,0 +1,22 @@
+<!-- 
+[!INCLUDE[](~/release-notes/aspnetcore-9/includes/trust_dev_cert_linux.md)]
+-->
+#### Trust the ASP.NET Core HTTPS development certificate on Linux
+
+On Ubuntu and Fedora based Linux distros, `dotnet dev-certs https --trust` now configures ASP.NET Core HTTPS development certificate as a trusted certificate for:
+
+* Chromium browsers, for example, Google Chrome, Microsoft Edge, and Chromium.
+* Mozilla Firefox and Mozilla derived browsers.
+* .NET APIs, for example, [HttpClient](/dotnet/api/system.net.http.httpclient)
+
+Previously, `--trust` only worked on Windows and macOS. Certificate trust is applied per-user.
+
+To establish trust in OpenSSL, the `dev-certs` tool:
+
+* Puts the certificate in `~/.aspnet/dev-certs/trust`
+* Runs a simplified version of OpenSSL's [c_rehash tool](https://docs.openssl.org/1.0.2/man1/c_rehash/) on the directory.
+* Asks the user to update the `SSL_CERT_DIR` environment variable.
+
+To establish trust in dotnet, the tool puts the certificate in the `My/Root` certificate store.
+
+To establish trust in [NSS databases](https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/6/html/developer_guide/che-nsslib), if any, the tool searches the home directory for Firefox profiles, `~/.pki/nssdb`, and `~/snap/chromium/current/.pki/nssdb`. For each directory found, the tool adds an entry to the `nssdb`.