pr177

Reputation: 670

Client certificate HttpClient .Net Core Docker Linux

I implemented an internal REST Service which consumes another (external) REST Service. The external service is secured with HTTPS with client certificate (and Tokens).

In the first implementation it was a service based on .NET Framework (4.6.2, of course Windows) and the code looked like this:

        var certificate = new X509Certificate2("./ExternalCert.pfx", "supersecurepassword764689");
        var httpClientHandler = new HttpClientHandler
        {
            ClientCertificateOptions = ClientCertificateOption.Manual,
            ClientCertificates =
            {
                certificate
            },
            CookieContainer = this.cookieContainer,
        };
        this.httpClient = new HttpClient(httpClientHandler)
        {
            BaseAddress = new Uri(url)
        };

And it worked quite well. Now we are switching to ASP.NET Core 2 (based on .NET Core) and Docker. During development on my Windows machine the code above worked as well with .NET Core.

But now if I execute it inside of the Docker container (of course Linux) it doesn't work anymore (SSL Error). (For now the certificate is copied into the container image, but it's planned to store it with Docker secrets).

I did some research and it seems *.pfx don't work on Linux and you have to generate a *.pem file based on the pfx. So I generated it with this command:

        openssl pkcs12 -in ExternalCertificate.pfx -out ExternalCertificate.pem -nodes

Afterwards I replaced the following line:

        var certificate = new X509Certificate2("./NewExternalCert.pem", "supersecurepassword764689");

and also tried:

        var certificate = new X509Certificate2(File.ReadAllBytes("./NewExternalCert.pem"), "supersecurepassword764689");

Now I still get an error from the external service that the client certificate is missing but there is no exception in my application.

So what am I doing wrong? How can I send the certificate on Linux? Is there a possibility to do it on both OSes the same way?

Thank you in advance for any advice!

Upvotes: 2

Views: 4360

Answers (1)

pr177

Reputation: 670

I figured it out. You have to set up the Linux environment, just as you have to install the certificate on Windows.

I copied the certificates as part of the container image (Dockerfile) with:

        COPY ExternalCert.pem /etc/ssl/certs/ExternalCert.pem

Afterwards the code works as intended.

Upvotes: 5
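
A diagnostic for the symptom described in the question (the server reports a missing client certificate while the application throws nothing), added here as an example and not part of either post. The class and method names are hypothetical; it uses only `X509Certificate2`, `X509Chain` and `HttpClientHandler` members available in .NET Core 2, and takes the password as a parameter instead of hard-coding it.

```csharp
using System;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (not from the original posts).
public static class ClientCertDiagnostics
{
    // Loads the client certificate and fails loudly if it cannot be used for
    // TLS client authentication, instead of letting the handshake skip it silently.
    public static X509Certificate2 LoadAndCheck(string path, string password)
    {
        var certificate = new X509Certificate2(path, password);

        // A PEM file loaded through this constructor yields only the public
        // certificate; the private key block in the file is not attached to it.
        if (!certificate.HasPrivateKey)
            throw new InvalidOperationException(
                $"{path}: certificate '{certificate.Subject}' has no private key.");

        // Build the chain against the system trust store and print every
        // problem found, so a missing issuer inside the container is visible.
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            bool ok = chain.Build(certificate);
            Console.WriteLine($"Chain built: {ok}, elements: {chain.ChainElements.Count}");
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.WriteLine($"  {status.Status}: {status.StatusInformation}");
        }
        return certificate;
    }

    // Same handler setup as in the question, with the checked certificate.
    public static HttpClient CreateClient(string url, string path, string password)
    {
        var handler = new HttpClientHandler
        {
            ClientCertificateOptions = ClientCertificateOption.Manual
        };
        handler.ClientCertificates.Add(LoadAndCheck(path, password));
        return new HttpClient(handler) { BaseAddress = new Uri(url) };
    }
}
```

Running `LoadAndCheck` once at startup in both the Windows and the container environment shows whether the two differ in the loaded key or in the chain that can be built.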
