在dotnet核心docker容器中安装证书 [英] Install certificate in dotnet core docker container

问题描述

以前，我们的应用程序在.net框架上运行，我们使用powershell通过运行以下命令将证书安装到证书存储中：

Previously our application ran on .net framework and we used powershell to install our certificate into the certificate store by running the following command:

运行powershell -NoProfile -Command \
$ Secure_String_Pwd = ConvertTo-SecureString ourverysecretpassword -AsPlainText -Force; \
Import-PfxCertificate -FilePath /cert.pfx -CertStoreLocation证书：\LocalMachine\Root-可导出-密码$ Secure_String_Pwd

但是现在我们已经将代码转移到.netcore，上面的命令将不再在dockerfile中工作。

but now we have transferred our code to .netcore, the above command wont work in the dockerfile anymore.

关于如何安装现有.pfx证书的任何想法通过dockerfile进入docker容器？

Any idea on how to install an existing .pfx certificate via the dockerfile into the docker container?

我试图在Windows上运行我的容器，这是完整的dockerfile，也许就是我使用错误的图像：

Im trying to run my container on windows, here is the complete dockerfile, maybe its just that i use the wrong image:

这是整个docker文件：

This is the entire docker file:

FROM microsoft/dotnet

COPY ./Web /app/

COPY cert.pfx /cert.pfx

RUN powershell -NoProfile -Command \
 $Secure_String_Pwd = ConvertTo-SecureString "againourverysecretpassword" -
AsPlainText -Force ; \
 Import-PfxCertificate -FilePath /cert.pfx  -CertStoreLocation 
 Cert:\LocalMachine\Root -Exportable -Password $Secure_String_Pwd

WORKDIR /app

EXPOSE 5000 
ENTRYPOINT ["dotnet", "myhost.dll"]

无论如何，在运行powershell命令时都会失败，并说：
'powershell'无法识别为内部或外部命令，
可操作程序或批处理文件。

Anyhow it fails on the run powershell command, saying: 'powershell' is not recognized as an internal or external command, operable program or batch file.

推荐答案

您的Docker容器是否在Linux上运行？

Is your Docker container running on Linux?

我认为是这样的。然后，您的基本映像应该是 microsoft / aspnetcore ，该映像基于Ubuntu。

I assume that it is. Then your base image should be microsoft/aspnetcore, which is based on Ubuntu.

您应该将此映像添加到您的 DOCKERFILE ：

You should add this in your DOCKERFILE:

COPY ca_bundle.crt /usr/local/share/ca-certificates/your_ca.crt
RUN update-ca-certificates

第一行复制您的将CA捆绑包添加到映像中，第二行更新CA列表。

First line copies your CA bundle into the image, the second line updates the CA list.

CA捆绑包（签署证书的授权机构列表）可以从PFX中提取，只需从Google为了它。 此是我找到的第一个链接。

The CA bundle (the list of authorities that signed your certificate) can be extracted from PFX, just Google for it. This is the first link I found.

如果您的容器在Windows上运行，那么Powershell命令应该按原样运行（我不确定）

If your container is running on Windows, then Powershell command should work as-is (I'm not sure about that)

这篇关于在dotnet核心docker容器中安装证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！