Asp.Net-Core Application in docker over https

After trying around a bunch more, I ended up re-doing the whole certification process again. Only this time, I went with openssl all the way.

I'll briefly outline my steps for anyone facing the same problem:

I followed this post to the letter.

This way I've set up a CA certificate that I can trust in both Windows and Linux (Docker) environments, called cacert.crt. I've then created a certificate signing request as outlined in the linked answer, used the CA certificate to sign it and obtain a valid SSL certificate, called servercert.pfx. The guide only specified .pem files, but converting between the formats using the openssl cli tool is really easy.

I've then checked in both into my source control and edited my dockerfile and compose file.

I then installed the cacert.crt into my local machine's cert store under the trusted root authorities category.

In the dockerfile I put the following right before the ENTRYPOINT:

COPY ["servercert.pfx", "/https/servercert.pfx"]
COPY ["cacert.crt", "/usr/local/share/ca-certificates/cacert.crt"]
RUN update-ca-certificates

In the docker-compose.yml I put the following under environment:

 - ASPNETCORE_URLS=https://0.0.0.0:5000
 - ASPNETCORE_HTTPS_PORT=5000
 - ASPNETCORE_Kestrel__Certificates__Default__Password={YourPw}
 - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/servercert.pfx

The actual port number as well as the value for the password have to be adapted as needed, obviously.

This solved all my problems. All browsers are now happily navigating with no SSL errors to https://localhost:5000 which is serving from within docker. I can also connect to the docker container and run $ curl https://localhost:5000 and $ curl https://dockerDnsName:5000 with no problem. This also fixed all problems with HttpClient.


Some additional info to Jejuni's answer.

Converted .pem file into .pfx with

sudo openssl pkcs12 -export -out servercert.pfx -inkey serverkey.pem -in servercert.pem

Also had to edit its availability

sudo chmod +r servercert.pfx

On Arch Linux, I added the cacert to trusted sources

sudo trust anchor --store cacert.pem

Finally, after several misguided guides across the internet, HTTPS on localhost is working like it should.

Tags:

Docker

C#

Ssl Certificate

Asp.Net Core

Related

Node JS HTTP Proxy hanging up Android Studio 3.6 Test framework quit unexpectedly, Crash of orchestrator Line density heatmap in R React: Deep requiring is deprecated as of uuid, Please require the top-level module How to updating dependencies of dependencies using npm Airflow running python files fails due to python: can't open file Inconsistent truncation of unsigned bitfield integer expressions between C++ and C in different compilers How to accept an async function as an argument? The .NET Core SDK cannot be located. .NET Core debugging will not be enabled. Make sure the .NET Core SDK is installed and is on the path Should you assert not null with the assert statement in production code? Equivalent of fst and snd for F# struct tuples? "Enable the experimental WSL 2 based engine" not selectable

Recent Posts