Using dotnet dev-certs with aspnet docker image

Question

You can use dotnet dev-certs https to generate a self-signed certificate for use with ASP.NET as this dockerfile demontrates

FROM mcr.microsoft.com/dotnet/sdk:5.0 as build
WORKDIR /src
RUN dotnet new webapi -o app
RUN dotnet dev-certs https
RUN dotnet publish -o out app/app.csproj
ENV ASPNETCORE_URLS="https://*:443;http://*:80"
WORKDIR /app
RUN cp -r /src/out/* .
CMD ["dotnet", "app.dll"]

I would like to base my final image on the aspnet image though. So I change it to

FROM mcr.microsoft.com/dotnet/sdk:5.0 as build
WORKDIR /src
RUN dotnet new webapi -o app
RUN dotnet dev-certs https
RUN dotnet publish -o out app/app.csproj

FROM mcr.microsoft.com/dotnet/aspnet:5.0 as final
ENV ASPNETCORE_URLS="https://*:443;http://*:80"
WORKDIR /app
COPY --from=build /src/out .
CMD ["dotnet", "app.dll"]

I can build that, but when I run it, it fails because it can't find the certificate. I can't run dotnet dev-certs https in the final image, because the dev-certs command is only part of the SDK and not the aspnet image. I'd like to copy over the certificate to the final image, but I don't know where dotnet dev-certs https stores it and I can't find any documentation about it.

How do I solve this, so my image is based on aspnet and can accept requests over https?

Answer 1

After poking around, I found the certificate in /root/.dotnet/corefx/cryptography/x509stores/my/

Adding

COPY --from=build /root/.dotnet/corefx/cryptography/x509stores/my/* /root/.dotnet/corefx/cryptography/x509stores/my/

to the final image solved the issue.