
.NET Core X509Store on Linux

Where are the certificate files located on Linux when using the .NET Core 2 X509Store?

On Windows, the certificates are accessible from the management console certlm.msc or with New-SelfSignedCertificate in PowerShell. Using .NET APIs, certificates can be added by something like this on both Windows and Linux:

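    using System.Security.Cryptography.X509Certificates;

    // Open the current user's personal ("My") store for writing
    using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
    {
        store.Open(OpenFlags.ReadWrite);
        // Load the PFX (certificate plus private key) with its password
        var cert = new X509Certificate2("cert.pfx", "1234");
        store.Add(cert);
    }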

which can be accessed via X509Store.Certificates.Find().

But where do the files get stored and how can they be added via Linux tools? E.g. a sysadmin would be adding the certificates and an application will be only reading them.

asked Apr 12 '18 06:04

ubi



2 Answers

The answer of @mbican is correct. The certificates are placed at

~/.dotnet/corefx/cryptography/x509stores/

I did not believe this one-line answer without context and did not understand how he got there. That's why I want to share my findings as an answer for all the future visitors running into the same problem.

  1. Use the pfx certificate file; you do NOT have to convert it to a pem or crt or something.

  2. Store the certificate with dotnet, so that you can see where the file is placed. A little C# command line:

    // Open the current user's "My" store read-write and add the PFX to it
    using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser, OpenFlags.ReadWrite))
    {
        store.Add(new X509Certificate2(
            "./thePathToTheCert.pfx", "passwordOfTheCert",
            X509KeyStorageFlags.PersistKeySet));
    }

    This created the folder ~/.dotnet/corefx/cryptography/x509stores/ and placed the certificate inside: ~/.dotnet/corefx/cryptography/x509stores/my/ThumbPrintOfTheCertificate.pfx

    Hint: We used to use StoreLocation.LocalMachine on Windows, but when we run on Linux there is no LocalMachine store, so we switched to StoreLocation.CurrentUser. You will get this error if you try LocalMachine: Unix LocalMachine X509Stores are read-only for all users.

Hope this helps someone.

answered Sep 27 '22 11:09

PeterFromCologne


~/.dotnet/corefx/cryptography/x509stores/

answered Sep 29 '22 11:09

mbican
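
For the sysadmin side of the question, an added example (not from either answer): a bash function that lists the PFX files under the store path given above and flags any store directory or file that group or others can access. It assumes the file name is the thumbprint, as the first answer describes, and that owner-only access is the desired policy; the function name `audit_x509_store` is made up for this example.

```bash
#!/usr/bin/env bash
# Added example: audit the per-user .NET X509Store directory named on this page.
# Assumption: store files hold key material, so only the owner should have access.

# audit_x509_store [ROOT]
#   Prints one line per *.pfx file: STATUS STORE THUMBPRINT MODE
#   Prints "WEAK-DIR STORE - MODE" for a store directory open to group/others.
#   Returns 0 if everything is owner-only, 1 if anything is weak, 2 if ROOT is missing.
audit_x509_store() {
    local root="${1:-$HOME/.dotnet/corefx/cryptography/x509stores}"
    local rc=0 dir file store thumb mode dmode status

    [ -d "$root" ] || { echo "MISSING $root"; return 2; }

    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue            # glob matched nothing
        store=$(basename "$dir")             # e.g. "my"
        dmode=$(ls -ld "$dir" | cut -c1-10)  # e.g. "drwx------"
        case "$dmode" in
            d???------) ;;                   # no group/other bits set
            *) echo "WEAK-DIR $store - $dmode"; rc=1 ;;
        esac

        for file in "$dir"*.pfx; do
            [ -f "$file" ] || continue
            thumb=$(basename "$file" .pfx)   # file name is the thumbprint
            mode=$(ls -ld "$file" | cut -c1-10)
            case "$mode" in
                -???------) status=OK ;;
                *) status=WEAK; rc=1 ;;
            esac
            echo "$status $store $thumb $mode"
        done
    done
    return $rc
}
```

Source the file and run `audit_x509_store` as the account the application runs under; pass a different root as the first argument to audit another user's store.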