ssl - Trusted Root Certificates in DotNet Core on Linux (RHEL 7.1)

Question

Welcome To Ask or Share your Answers For Others

ssl - Trusted Root Certificates in DotNet Core on Linux (RHEL 7.1)

posted Oct 17, 2021 in Technique[技术] by 深蓝 (71.8m points)

ssl - Trusted Root Certificates in DotNet Core on Linux (RHEL 7.1)

I'm currently deploying a .net-core web-api to an docker container on rhel 7.1. Everything works as expected, but from my application I need to call other services via https and those hosts use certificates signed by self-maintained root certificates.

In this constellation I get ssl-errors while calling this services (ssl-not valid) and therefore I need to install this root-certificate in the docker-container or somehow use the root-certificate in the .net-core application.

How can this be done? Is there a best practice to handle this situation? Will .net-core access the right keystore on the rhel-system?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Reply

深蓝 · Answer 1 · 2021-10-17T03:07:48+0000

Since .NET Core uses OpenSSL on linux, you need to set up your linux environment in the container so that OpenSSL will pick up the certificate.

This is done by (+ Dockerfile examples):

Copying the the certificate .crt file to a location that update-ca-certificates will scan for trusted certificates - e.g. /usr/local/share/ca-certificates/ or on RHEL /etc/pki/ca-trust/source/anchors/:
```
 COPY myca.crt /usr/local/share/ca-certificates/
```
Invoking update-ca-certificates:
```
 RUN update-ca-certificates
```

Categories

ssl - Trusted Root Certificates in DotNet Core on Linux (RHEL 7.1)

ssl - Trusted Root Certificates in DotNet Core on Linux (RHEL 7.1)

Please log in or register to add a comment.

Please log in or register to reply this article.

1 Reply

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags