Menu
I'm currently deploying a .net-core web-api to an docker container on rhel 7.1. Everything works as expected, but from my application I need to call other services via https and those hosts use certificates signed by self-maintained root certificates.
In this constellation I get ssl-errors while calling this services (ssl-not valid) and therefore I need to install this root-certificate in the docker-container or somehow use the root-certificate in the .net-core application.
How can this be done? Is there a best practice to handle this situation? Will .net-core access the right keystore on the rhel-system?
326
You can perform this with the following command: sudo update-ca-certificates . You will notice that the command reports it has installed certificates if required (up-to-date installations may already have the root certificate).
The default location to install certificates is /etc/ssl/certs .
Expand the Computer Configuration section and open Windows Settings\Security Settings\Public Key. Right-click Trusted Root Certification Authorities and select Import. Follow the prompts in the wizard to import the root certificate (for example, rootCA. cer) and click OK.
Since .NET Core uses OpenSSL on linux, you need to set up your linux environment in the container so that OpenSSL will pick up the certificate.
This is done by (+ Dockerfile examples):
Copying the the certificate .crt file to a location that update-ca-certificates will scan for trusted certificates - e.g. /usr/local/share/ca-certificates/ or on RHEL /etc/pki/ca-trust/source/anchors/:
COPY myca.crt /usr/local/share/ca-certificates/
Invoking update-ca-certificates:
RUN update-ca-certificates
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
