Asp.net Core Docker container outbound HTTPS calls failing

Question

I am using the following Dockerfile to create a container for my ASP.NET Core application:

FROM microsoft/aspnetcore:1.1.2
ARG source
WORKDIR /app
EXPOSE 80
COPY PublishOutput .
ENTRYPOINT ["dotnet", "IdentityServer4.Management.dll"]

It seems that if my container has to make any outbound calls via HTTPS, an exception is thrown, referencing curl:

System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.Http.CurlException: SSL connect error

This seems to happen even when the remote side has a valid certificate. I have been able to bypass this by attaching the following HttpHandlerto an HttpClient, which seems to bypass the issues:

var httpClientHandler = new HttpClientHandler();
httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => { return true; };

What am I missing here, and why am I having to do this as a workaround?

Upon trying to research this, I came across some discussions that a "client certificate" is needed to establish this connection, with no concrete examples.

Also, I am technically using Rancher for our Docker management system, which has a set of infrastructure that these containers run on. Not sure if that makes a difference at all, but figured I would mention it.

Answer 1

Being that I was running this on the internal company network, and that my company security department issued certs for internal applications, I had to add the CA Chain Cert to my container in order by it to recognize my company as a valid authority. I added these to my Dockerfile:

RUN curl -o /usr/share/ca-certificates/my_ca_chain.crt https://somelocation/my_ca_chain.crt
RUN echo "my_ca_chain.crt" >> /etc/ca-certificates.conf && update-ca-certificates