For Linux and Mac .NET CORE will use OpenSSL.

command to generate a private key and a certificate signing request:

openssl req -config https.config -new -out csr.pem

command to create a self-signed certificate:

openssl x509 -req -days 365 -extfile https.config -extensions v3_req -in csr.pem -signkey key.pem -out https.crt

command to generate a pfx file containing the certificate and the private key that you can use with Kestrel:

openssl pkcs12 -export -out https.pfx -inkey key.pem -in https.crt -password pass:<password>

After that Trust the certificate

This step is optional, but without it the browser will warn you about your site being potentially unsafe. You will see something like the following if you browser doesn’t trust your certificate:

There is no centralized way of trusting the a certificate on Linux so you can do one of the following:

1. Exclude the URL you are using in your browsers exclude list

2. Trust all self-signed certificates on localhost

3. Add the https.crt to the list of trusted certificates in your browser.

How exactly to achieve this depends on your browser/distro.

You can also reference the complete Kestrel HTTPS sample app

or Follow this Blog Configuring HTTPS in ASP.NET Core across different platforms

.Net Core uses OpenSSL on Linux, as a result, you need to set up your linux environment in the container so that OpenSSL will pick up the certificate.

You can do this by two ways:

1. Copying the the certificate .crt file to a location that update-ca-certificates will scan for trusted certificates - e.g. /usr/local/share/ca-certificates/ oron RHEL /etc/pki/ca-trust/source/anchors/:

   COPY myca.crt /usr/local/share/ca-certificates/
   

2. Invoking update-ca-certificates:

   RUN update-ca-certificates