 

Install certificate in dotnet core docker container

Previously our application ran on .NET Framework and we used PowerShell to install our certificate into the certificate store by running the following command:

RUN powershell -NoProfile -Command \
 $Secure_String_Pwd = ConvertTo-SecureString "ourverysecretpassword" -AsPlainText -Force ; \
 Import-PfxCertificate -FilePath /cert.pfx -CertStoreLocation Cert:\LocalMachine\Root -Exportable -Password $Secure_String_Pwd

But now that we have transferred our code to .NET Core, the above command won't work in the Dockerfile anymore.

Any idea on how to install an existing .pfx certificate via the dockerfile into the docker container?

[EDIT] I'm trying to run my container on Windows, here is the complete Dockerfile, maybe it's just that I use the wrong image:

This is the entire docker file:

FROM microsoft/dotnet

COPY ./Web /app/

COPY cert.pfx /cert.pfx

RUN powershell -NoProfile -Command \
 $Secure_String_Pwd = ConvertTo-SecureString "againourverysecretpassword" -AsPlainText -Force ; \
 Import-PfxCertificate -FilePath /cert.pfx -CertStoreLocation Cert:\LocalMachine\Root -Exportable -Password $Secure_String_Pwd

WORKDIR /app

EXPOSE 5000 
ENTRYPOINT ["dotnet", "myhost.dll"]

Anyhow it fails on the run powershell command, saying: 'powershell' is not recognized as an internal or external command, operable program or batch file.

M. Berkhof asked Mar 07 '18 14:03



1 Answer

Is your Docker container running on Linux?

I assume that it is. Then your base image should be microsoft/aspnetcore, which is based on Ubuntu.

You should add this in your Dockerfile:

COPY ca_bundle.crt /usr/local/share/ca-certificates/your_ca.crt
RUN update-ca-certificates

The first line copies your CA bundle into the image, the second line updates the CA list.

The CA bundle (the list of authorities that signed your certificate) can be extracted from PFX, just Google for it. This is the first link I found.

If your container is running on Windows, then the PowerShell command should work as-is (I'm not sure about that).

Mario Cianciolo answered Oct 24 '22 09:10
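The extraction step this answer describes, as an added example that is not part of the original answer: it pulls only the CA certificates out of the PFX with `openssl pkcs12` and refuses to install a file that contains a private key or lacks the `.crt` extension that `update-ca-certificates` looks for. The function names, file names and the `PFX_PASSWORD` environment variable are assumptions.

```shell
#!/bin/sh
# Added example. Function names, paths and PFX_PASSWORD are assumptions,
# not taken from the question or the answer.

# extract_ca_bundle PFX OUT
# Write only the CA certificates from PFX to OUT. -nokeys keeps the private
# key out of the output; the password is read from the PFX_PASSWORD
# environment variable instead of being typed into the command line.
extract_ca_bundle() {
    openssl pkcs12 -in "$1" -cacerts -nokeys -passin env:PFX_PASSWORD -out "$2"
}

# check_ca_bundle FILE
# Return 0 only if FILE is fit for /usr/local/share/ca-certificates:
#   1 = name does not end in .crt (update-ca-certificates would skip it)
#   2 = file contains private key material
#   3 = file contains no PEM certificate (e.g. the PFX carried no CA chain)
check_ca_bundle() {
    case "$1" in
        *.crt) ;;
        *) echo "reject: $1 does not end in .crt" >&2; return 1 ;;
    esac
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo "reject: $1 contains a private key" >&2; return 2
    fi
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        echo "reject: $1 contains no PEM certificate" >&2; return 3
    fi
    return 0
}

# install_ca_from_pfx PFX NAME
# Extract, check, then install NAME.crt into the system trust store.
# Needs root; call as: PFX_PASSWORD=... install_ca_from_pfx /cert.pfx your_ca
install_ca_from_pfx() {
    tmp=$(mktemp -d) || return 1
    out="$tmp/$2.crt"
    extract_ca_bundle "$1" "$out" && check_ca_bundle "$out" &&
        cp "$out" "/usr/local/share/ca-certificates/$2.crt" &&
        update-ca-certificates
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

Run outside the image build, `extract_ca_bundle` followed by `check_ca_bundle` produces the `ca_bundle.crt` that the `COPY` line above expects, so neither the PFX nor its password has to enter the image.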