11

I'm currently deploying a .NET Core web API to a Docker container on RHEL 7.1. Everything works as expected, but from my application I need to call other services via HTTPS and those hosts use certificates signed by self-maintained root certificates.

In this constellation I get SSL errors while calling these services (ssl-not valid) and therefore I need to install this root certificate in the Docker container or somehow use the root certificate in the .NET Core application.

How can this be done? Is there a best practice to handle this situation? Will .NET Core access the right keystore on the RHEL system?

MADMap

1 Answer

19

Since .NET Core uses OpenSSL on Linux, you need to set up your Linux environment in the container so that OpenSSL will pick up the certificate.

This is done by (+ Dockerfile examples):

  1. Copying the certificate .crt file to a location that update-ca-certificates will scan for trusted certificates - e.g. /usr/local/share/ca-certificates/ or on RHEL /etc/pki/ca-trust/source/anchors/:

     COPY myca.crt /usr/local/share/ca-certificates/
    
  2. Invoking update-ca-certificates:

     RUN update-ca-certificates
    
jeremyh
Martin Ullrich
  • Thanks: this got me in the right direction! The folders and commands in RHEL are a little different: /etc/pki/ca-trust/source/anchors/ for copying the certificate and update-ca-trust for updating the truststores. – MADMap May 26 '17 at 10:54
  • Ah yes I forgot to check that distro, updated answer a little – Martin Ullrich May 26 '17 at 10:57
  • Thank you so much for this! I've been trying to do something like this for years and this was absolutely painless! – opticks Oct 30 '21 at 19:33
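
The RHEL variant raised in the comments, written out as a complete Dockerfile with a build-time check that the root certificate actually ends up trusted. This is an added example, not part of the original answer; the base image, the `myca.crt` file name in the build context, and the presence of the `openssl` command-line tool in the image are assumptions.

```dockerfile
# Added example. Assumptions: a RHEL-family base image that ships
# update-ca-trust and the openssl CLI, and a PEM-encoded root certificate
# named myca.crt in the build context.
ARG BASE_IMAGE=registry.access.redhat.com/ubi8/ubi
FROM ${BASE_IMAGE}

# Updating the trust store needs root; images that default to an
# unprivileged user must switch for this step.
USER 0

# RHEL-family anchor directory. On Debian/Ubuntu images the equivalent is
# /usr/local/share/ca-certificates/ followed by update-ca-certificates.
COPY myca.crt /etc/pki/ca-trust/source/anchors/myca.crt

# Regenerate the consolidated bundles, then verify the root against the
# default OpenSSL trust store so that a missing or malformed certificate
# breaks the build instead of surfacing later as a TLS error.
RUN update-ca-trust \
 && openssl verify /etc/pki/ca-trust/source/anchors/myca.crt

# If the application should not run as root, switch back here, e.g.:
# USER 1001   (assumed UID; use the one your image defines)
```

Every process in the container that uses the system trust store will now accept certificates issued under this root, so keep the anchor limited to the CA the called services actually need.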