❔ ✅ Certificates in Docker Build
So context: my team have a containerized build, Ie. dotnet restore/build/test/publish in a docker file. Some integration tests where added that spin up an API project and Use HttpClient to hit the endpoints. This all works outside of docker but running the build in a container produces an error,
Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date. Ok, makes sense as the SDK container mcr.microsoft.com/dotnet/sdk:6.0-focal has no dev cert. The question is how do I get a valid cert in the container so tests can use it? Any ideas?6 Replies
Unknown User•14mo ago
Message Not Public
Sign In & Join Server To View
Was this issue resolved? If so, run
/close - otherwise I will mark this as stale and this post will be archived until there is new activity.@TeBeClone I am assuming you mean this guide: https://learn.microsoft.com/en-us/dotnet/core/additional-tools/self-signed-certificates-guide. There is also good guidance at https://learn.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-5.0&tabs=visual-studio%2Clinux-ubuntu#trust-https-certificate-on-linux-1. While those docs are good the key piece of information the docs are missing is service-to-service communication within Linux. This is exactly what our tests are doing, spinning up an API and using HttpClient to all some endpoints.
After generating a cert using the docs above I had a different set of errors around certificate trust. Turns out that openssl has a much stricter set of parameters for trusting a self-signed certificate. Thus, generating a cert using
dotnet dev-cert does not work. The issue is described at https://github.com/dotnet/aspnetcore/issues/7246#issuecomment-537752663. The root cause is fixed in OpenSSL 1.1.1h or later but the SDK container image doesn't have that version of OpenSSL. There is also a nice fix at https://blog.wille-zone.de/post/aspnetcore-devcert-for-ubuntu/.ASP.NET Core dev-cert for Ubuntu
Creating and trusting a dev-cert for ASP.NET Core in Ubuntu is not easy. In this article you see how you can do this with a single script!
Enforce HTTPS in ASP.NET Core
Learn how to require HTTPS/TLS in an ASP.NET Core web app.
GitHub
dev-certificates on Linux -- how to get dotnet-to-dotnet comms to w...
Description I have an asp.net core application with a self-hosted IdentityServer component. I can convince a browser (Chrome and Firefox) to visit the site, but I'm having trouble getting the I...
Unknown User•14mo ago
Message Not Public
Sign In & Join Server To View
Issue has been resolved, thanks.
Was this issue resolved? If so, run
/close - otherwise I will mark this as stale and this post will be archived until there is new activity.