Trusted Root Certificates in DotNet Core on Linux (RHEL 7.1)

1

11

I'm currently deploying a .net-core web-api to a Docker container on RHEL 7.1. Everything works as expected, but from my application I need to call other services via https and those hosts use certificates signed by self-maintained root certificates.

In this constellation I get ssl-errors while calling these services (ssl-not valid) and therefore I need to install this root-certificate in the docker-container or somehow use the root-certificate in the .net-core application.

How can this be done? Is there a best practice to handle this situation? Will .net-core access the right keystore on the rhel-system?

Abject answered 24/5, 2017 at 13:27 Comment(0)
19

Since .NET Core uses OpenSSL on Linux, you need to set up your Linux environment in the container so that OpenSSL will pick up the certificate.

This is done by (+ Dockerfile examples):

  1. Copying the certificate .crt file to a location that update-ca-certificates will scan for trusted certificates - e.g. /usr/local/share/ca-certificates/ or on RHEL /etc/pki/ca-trust/source/anchors/:

     COPY myca.crt /usr/local/share/ca-certificates/
    
  2. Invoking update-ca-certificates:

     RUN update-ca-certificates
    
Melodee answered 24/5, 2017 at 13:40 Comment(3)
Thanks: this got me in the right direction! The folders and commands in RHEL are a little different: /etc/pki/ca-trust/source/anchors/ for copying the certificate and update-ca-trust for updating the truststores. - Abject
Ah yes I forgot to check that distro, updated answer a little - Melodee
thank you so much for this! i've been trying to do something like this for years and this was absolutely painless! - Enclosure
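
The two steps from the answer and the RHEL paths from the first comment, combined into one script as an added example (not part of the original answer or comments). It picks whichever anchor directory exists in the image and runs the matching refresh command; the function names and the optional ROOT dry-run prefix are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original answer): install a private root CA into
# the system trust store on either layout named above. The optional second
# argument ROOT is a hypothetical prefix for dry runs; when it is set the file
# is only staged and the trust store is not refreshed.

ca_anchor_dir() {   # print the anchor directory that exists under ROOT ($1)
    if [ -d "$1/etc/pki/ca-trust/source/anchors" ]; then
        echo "$1/etc/pki/ca-trust/source/anchors"        # RHEL family
    elif [ -d "$1/usr/local/share/ca-certificates" ]; then
        echo "$1/usr/local/share/ca-certificates"        # Debian family
    else
        return 1
    fi
}

ca_update_cmd() {   # map an anchor directory to its refresh command
    case "$1" in
        */etc/pki/ca-trust/source/anchors) echo update-ca-trust ;;
        */usr/local/share/ca-certificates) echo update-ca-certificates ;;
        *) return 1 ;;
    esac
}

install_root_ca() { # usage: install_root_ca CERT [ROOT]; prints installed path
    cert=$1 root=${2:-}
    # update-ca-certificates only picks up PEM files named *.crt, so reject
    # non-PEM input up front and normalise the extension on copy.
    grep -q '^-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null || {
        echo "error: $cert is not a PEM certificate" >&2; return 2; }
    dir=$(ca_anchor_dir "$root") || {
        echo "error: no CA anchor directory (ca-certificates installed?)" >&2
        return 3; }
    name=$(basename "$cert"); dest="$dir/${name%.*}.crt"
    cp "$cert" "$dest" && chmod 0644 "$dest" || return 4
    # Refresh the real store only; a dry run under ROOT just stages the file.
    [ -n "$root" ] || "$(ca_update_cmd "$dir")" >&2 || return 5
    echo "$dest"
}

# Run only when called with arguments, e.g. from a Dockerfile RUN step.
if [ "$#" -gt 0 ]; then install_root_ca "$@"; fi
```

In a Dockerfile this would be copied in next to the certificate and invoked once in a RUN step, before the application starts.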
