Docker install root certificate

Question

I have a dotnetcore web.api application that runs in docker. I'm using the windows version and not the linux version. I'm using the image microsoft/dotnet:2.1-aspnetcore-runtime-nanoserver-1709

This application calls an external api (https) and I get an error saying the SSL verification failed. After some googling I found out that my enterprise's root certificate must also be available in the container.

I tried it first with Powershell using the Import-Certificate command. But this failed. It seems Powershell is not present in the image. I then found this blogpost. But Certoc is also not present on the image and I can't find a place where to download this.

Is there a way to install the certificate using the image microsoft/dotnet? Or do i have to use the microsoft/windowsservercore image?

nope. Used a linux container instead and copied the root cert to default location (/etc/ssl/certs/cacert) — Sebastian S, Mar 22 '22 at 12:12

score -2 · Answer 1 · answered Sep 27 '18 at 17:15

-2

I might be misunderstanding the need, but if you have the certificate file you can COPY it to the docker container.

Add the (something).cert file to your project
In your Dockerfile add the line
COPY ./(something).cert (path/to/cert/location/in/container)
Start your docker container

Let me know if I can clarify anything in my answer i'm happy to update it.

answered Sep 27 '18 at 17:15

Danoweb

423
2
9

doesn't a certificate need to be installed? I didn't know you can just copy it somewhere. I thought those things were registered in the registry. and where would I copy it to? I need my enterprise root certificate in the container so the call I make to my other api (https and not running in docker) from within the container can verify the ssl connection that needs to be made – Sebastian S Sep 30 '18 at 13:20
In windows the process is alittle more UI registry focused as you mention. Hoever containers are linux based, and that means having a file in the expected location. Here is another S.O. post about the same thing and you can see the solution worked for them as well. Having the `.crt` file in the right location (and permissions) is all it take in linux. -- https://stackoverflow.com/questions/42292444/how-do-i-add-a-ca-root-certificate-inside-a-docker-image – Danoweb Sep 30 '18 at 19:42
Yeah, but I'm using a windows container and not a linux container. Every example I find is how you do it in a linux container and not a windows container. – Sebastian S Oct 02 '18 at 09:38
-1 because in Windows containers you don't get a `/path/to/cert/location` that _just works_. You have to somehow add the certificate to the Trusted Root Certification Authorities. – Steven Liekens Nov 21 '18 at 10:15

Docker install root certificate

1 Answers1