Linux(RHEL 7.1)上的DotNet Core中的受信任根证书 [英] Trusted Root Certificates in DotNet Core on Linux (RHEL 7.1)
问题描述
我目前正在将.net-core Web-api部署到rhel 7.1上的docker容器中。
一切都按预期工作,但是从我的应用程序中,我需要通过https调用其他服务,并且那些主机使用由自我维护的根证书签名的证书。
I'm currently deploying a .net-core web-api to an docker container on rhel 7.1. Everything works as expected, but from my application I need to call other services via https and those hosts use certificates signed by self-maintained root certificates.
在这个星座我在调用此服务时收到ssl错误(ssl无效),因此我需要在docker-container中安装此根证书,或者以某种方式在.net-core应用程序中使用根证书。
In this constellation I get ssl-errors while calling this services (ssl-not valid) and therefore I need to install this root-certificate in the docker-container or somehow use the root-certificate in the .net-core application.
该怎么做?是否有最佳实践来应对这种情况? .net-core是否可以在rhel系统上访问正确的密钥库?
How can this be done? Is there a best practice to handle this situation? Will .net-core access the right keystore on the rhel-system?
推荐答案
由于.NET Core在Linux上使用OpenSSL,因此您需要在容器中设置Linux环境,以便OpenSSL可以提取证书。
Since .NET Core uses OpenSSL on linux, you need to set up your linux environment in the container so that OpenSSL will pick up the certificate.
这是通过(+ Dockerfile示例)完成的:
This is done by (+ Dockerfile examples):
-
将证书
.crt
文件复制到更新的位置-ca-certificates
将扫描受信任的证书-例如/ usr / local / share / ca-certificates /
oron RHEL/ etc / pki / ca-trust / source / anchors /
:
Copying the the certificate
.crt
file to a location thatupdate-ca-certificates
will scan for trusted certificates - e.g./usr/local/share/ca-certificates/
oron RHEL/etc/pki/ca-trust/source/anchors/
:
COPY myca.crt /usr/local/share/ca-certificates/
调用 update-ca-certificates
:
RUN update-ca-certificates
这篇关于Linux(RHEL 7.1)上的DotNet Core中的受信任根证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!