Trusted Root Certificates in DotNet Core on Linux (RHEL 7.1)


Question

I'm currently deploying a .net-core web-api to a docker container on rhel 7.1. Everything works as expected, but from my application I need to call other services via https and those hosts use certificates signed by self-maintained root certificates.

In this constellation I get ssl-errors while calling these services (ssl-not valid) and therefore I need to install this root-certificate in the docker-container or somehow use the root-certificate in the .net-core application.

How can this be done? Is there a best practice to handle this situation? Will .net-core access the right keystore on the rhel-system?

Recommended answer

Since .NET Core uses OpenSSL on linux, you need to set up your linux environment in the container so that OpenSSL will pick up the certificate.

This is done by (+ Dockerfile examples):

  1. Copying the certificate .crt file to a location that update-ca-certificates will scan for trusted certificates - e.g. /usr/local/share/ca-certificates/ or on RHEL /etc/pki/ca-trust/source/anchors/:

     COPY myca.crt /usr/local/share/ca-certificates/

  2. Calling update-ca-certificates:

     RUN update-ca-certificates
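
An added example, not part of the original answer: a POSIX shell helper that a Dockerfile RUN step could call to perform both steps on either distro family. It uses `update-ca-trust extract`, the refresh command on RHEL-family systems, alongside the `update-ca-certificates` command the answer shows; the function names and the ROOT staging argument are hypothetical, and the trust check assumes the openssl CLI is installed in the image.

```shell
#!/bin/sh
# Added example (not from the original answer): install a private root CA into
# the system trust store that OpenSSL reads, on either distro family.

# install_root_ca CERT [ROOT]
#   CERT  PEM-encoded root certificate, e.g. myca.crt
#   ROOT  hypothetical staging prefix for dry runs; leave empty in a real image
# Prints the installed path. Returns 2 for a non-PEM file, 3 if no tool exists.
install_root_ca() {
  cert=$1
  root=${2:-}
  # Both tools expect PEM; a DER file would be copied but never trusted.
  grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null || {
    echo "not a PEM certificate: $cert" >&2
    return 2
  }
  if command -v update-ca-trust >/dev/null 2>&1; then
    # RHEL / CentOS / Fedora
    dest=$root/etc/pki/ca-trust/source/anchors
    refresh='update-ca-trust extract'
  elif command -v update-ca-certificates >/dev/null 2>&1; then
    # Debian / Ubuntu
    dest=$root/usr/local/share/ca-certificates
    refresh='update-ca-certificates'
  else
    echo "no trust-store update tool found" >&2
    return 3
  fi
  # update-ca-certificates only picks up files whose name ends in .crt
  name=$(basename "$cert")
  name=${name%.*}.crt
  mkdir -p "$dest" && cp "$cert" "$dest/$name" && chmod 0644 "$dest/$name" || return 1
  # Rebuild the consolidated bundle; a failure here should fail the image build.
  $refresh >/dev/null || return 1
  echo "$dest/$name"
}

# root_ca_is_trusted CERT: succeeds only if CERT verifies against the rebuilt
# system bundle. Assumes the openssl CLI is present in the image.
root_ca_is_trusted() {
  for bundle in /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt; do
    [ -f "$bundle" ] && openssl verify -CAfile "$bundle" "$1" >/dev/null 2>&1 && return 0
  done
  return 1
}
```

In a Dockerfile, source this script in a RUN step and chain `install_root_ca /tmp/myca.crt && root_ca_is_trusted /tmp/myca.crt` so the build stops if the CA did not reach the bundle.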
    
