I came across this particular issue when my Mac’s account was changed from a domain associated account to a local user account.

Among many other things, my dotnet aspnet core web api was failing to run at the start with the error that said “Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found.”. The output also has friendly message telling you exactly what to do as well.

To generate a developer certificate run ‘dotnet dev-certs https’. To trust the certificate (Windows and macOS only) run ‘dotnet dev-certs https —trust’.

Running the command dotnet dev-certs https however returned a message that said “A valid HTTPS certificate is already present.”.

You will also get to know that the user profile location is at ~/.aspnet/DataProtection-Keys. For me, this location already had a few key-_.xml files. So, I did made the decision to delete the files. Ran the dev-certs https command again. But again I got the message saying the “A valid HTTPS certificate is already present”. I found there was an option that you could pass to the dotnet dev-certs https command, the --clean option. When I ran this, I got the message “Cleaning HTTPS development certificates from the machine.”. But, I could find the key-_.xml files again in the ~/.aspnet/DataProtection-Keys directory.

Turns out, that you will need to delete the certificate from the Keychain Access manually as well in order to completely remove the self-signed certificates for localhost.

Running dotnet dev-certs https command creates a localhost certificate in your logins section in the Keychain Access app.

Screenshot of Keychain Access on Mac - Before Screenshot of Keychain Access on Mac - Before

Running dotnet dev-certs https --trust command creates a trusted root certificate into your System’s store.

Screenshot of Keychain Access on Mac - After Screenshot of Keychain Access on Mac - After

So, if you run into this same issue, make sure to delete the certificate from your system Certificates store and also from the login keyschain. And run dotnet dev-certs https command followed by dotnet dev-certs https --trust command.