Question
I'm currently deploying a .NET Core web API to a Docker container on RHEL 7.1. Everything works as expected, but from my application I need to call other services via HTTPS, and those hosts use certificates signed by self-maintained root certificates.
In this constellation I get SSL errors while calling these services (ssl-not valid), and therefore I need to install this root certificate in the Docker container or somehow use the root certificate in the .NET Core application.
How can this be done? Is there a best practice to handle this situation? Will .net-core access the right keystore on the rhel-system?
Answer 1:
Since .NET Core uses OpenSSL on linux, you need to set up your linux environment in the container so that OpenSSL will pick up the certificate.
This is done by (+ Dockerfile examples):
1. Copying the certificate .crt file to a location that update-ca-certificates will scan for trusted certificates, e.g. /usr/local/share/ca-certificates/ or, on RHEL, /etc/pki/ca-trust/source/anchors/:
   COPY myca.crt /usr/local/share/ca-certificates/
2. Invoking update-ca-certificates:
   RUN update-ca-certificates
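The two steps above as one build-time script, added here as an example and not part of the original answer. It covers both directory layouts the answer names; on RHEL-family images the store under /etc/pki/ca-trust is refreshed with update-ca-trust rather than update-ca-certificates. The function names, the optional ROOT prefix and the script file name are assumptions.

```shell
#!/bin/sh
# Added example; install_root_ca, trust_store_for and the ROOT prefix are assumed names.
# Dockerfile use (assumed file name):  RUN . /tmp/install-ca.sh && install_root_ca /tmp/myca.crt

# Print "<anchor dir> <refresh command>" for the trust store found under prefix $1.
trust_store_for() {
    root="${1:-}"
    if [ -d "$root/etc/pki/ca-trust/source/anchors" ]; then
        # RHEL / CentOS / Fedora
        echo "/etc/pki/ca-trust/source/anchors update-ca-trust"
    elif [ -d "$root/usr/local/share/ca-certificates" ]; then
        # Debian / Ubuntu / Alpine with the ca-certificates package installed
        echo "/usr/local/share/ca-certificates update-ca-certificates"
    else
        return 1
    fi
}

# install_root_ca CERT [ROOT]: copy CERT into the anchor directory and refresh the store.
# With a non-empty ROOT (dry run against an unpacked tree) the refresh command is only printed.
install_root_ca() {
    cert="$1"; root="${2:-}"
    # Trust anchors must be public certificates in PEM form, never key material.
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$cert"; then
        echo "not a PEM certificate: $cert" >&2; return 2
    fi
    if grep -q -- 'PRIVATE KEY-----' "$cert"; then
        echo "refusing to install a file that contains a private key" >&2; return 3
    fi
    store=$(trust_store_for "$root") || { echo "no known trust store" >&2; return 4; }
    dir=${store% *}; cmd=${store#* }
    # update-ca-certificates ignores files that do not end in .crt, so normalise the name.
    name=$(basename "$cert"); name="${name%.*}.crt"
    cp "$cert" "$root$dir/$name" || return 5
    chmod 0644 "$root$dir/$name"
    if [ -z "$root" ]; then "$cmd"; else echo "$cmd"; fi
}
```

Run it in the final image stage, before the application starts, so that OpenSSL sees the regenerated bundle.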
Source: https://stackoverflow.com/questions/44159793/trusted-root-certificates-in-dotnet-core-on-linux-rhel-7-1