Trusted Root Certificates in DotNet Core on Linux (RHEL 7.1)

Question

Trusted Root Certificates in DotNet Core on Linux (RHEL 7.1)

I am currently deploying .net-core web-api for a docker container on rhel 7.1. Everything works as expected, but from my application I need to call other services via https, and these hosts use certificates signed by self-supporting root certificates.

In this constellation, I get ssl-errors when calling these services (ssl-not valid), and therefore I need to install this root certificate in a docker container or somehow use the root certificate in a .net-core application.

How can I do that? Is there any best practice to deal with this situation? Will .net-core have access to the correct keystore on the rhel system?

+4

ssl ssl-certificate .net-core redhat root-certificate

Madmap May 24, '17 at 13:27

source share

1 answer

Martin Ullrich · Accepted Answer · 2017-05-24T13:40:50+0000

Since .NET Core uses OpenSSL for Linux, you need to configure the linux environment in the container for OpenSSL to take the certificate.

This is done using examples (+ Dockerfile):

Copying the .crt certificate .crt to a location that update-ca-certificates will check for trusted certificates - for example. /usr/local/share/ca-certificates/ oron RHEL /etc/pki/ca-trust/source/anchors/ :
```
 COPY myca.crt /usr/local/share/ca-certificates/ 
```
Call update-ca-certificates :
```
 RUN update-ca-certificates 
```

Trusted Root Certificates in DotNet Core on Linux (RHEL 7.1)

More articles: