Add development certificate in Chrome browser (Windows)

After not finding a good resoure online and having to ask a colleague here is what he has told me to do:

  • Start the app in the browser. Instead of the app content Chrome displays a security warning “Your connection is not private”
  • Click on the “Not secure” field
  • Click on certificate
  • Select the “Details” tab
  • Click on “copy to file” button. The wizard opens
  • Safe certificate as a file (go with the defaults)
  • Next
  • Use the default format and save to a file of your choice.
  • Open the saved certificate file with doubleclick
  • Go with “Current User” and click next.
  • Add certificate to the windows certificate store. Make sure to select “Trusted Root Certification Authorities”. (Disclaimer: I don’t really like to add dev certificates to that store because they are definitely not CA Authorities, but the other stores do not seem to work. If you find a better way feel free to send me an email or Twitter message)
  • Finish the installation
  • Confirm security warning with yes. (like I said above. Please tell me if you have a better solution)
  • Restart Chrome and try again.
  • Chrome should be happy now, show the lock-symbol instead of the warning and load your application!

Automatic security updates for Microsoft NuGet packages?

I just tried to answer the question “How to ensure that my ASP.NET MVC 5 web app gets updated automatically when a severe security issue is found in a NuGet dependency”.

The best resources I have found on this topic:

Summary

  • Windows Update will update NuGet packages only for targeted security updates
  • Supported .NET version: 4.5.1. or newer
  • MS .NET NuGet packages treated as part of the .NET framework
  • Security update notifications are posted to .NET blog. Subscribe!
  • Microsoft Update records loaded MS assemblies on a machine to identify candidates for patching.
  • Apps using a vulnerable NuGet package will get served the patched Assembly via GAC Publisher Policy.

Conclusions

I am now more confident that using NuGet packages I get critical updates for my applications when needed when Windows Update is used.

But: I would like to see a more recent document about the treatment of Security issues in NuGet. (Pease leave a comment if you have something and I will update the post). And I would like to know why the NuGet package feed list is empty.