我在Win10机器上使用LINUX容器运行dotnet core 2.1
我使用openssl创建了一个自签名CA并安装在docker机器中. Docker输出显示已添加CA.
当我在命令下运行时,它还会向我显示已安装的证书
awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt
但是,无法通过X509Store访问已安装的证书
下面的代码显示count:0
using (var store = new X509Store(StoreName.CertificateAuthority,StoreLocation.LocalMachine))
{
store.Open(OpenFlags.ReadOnly);
Console.WriteLine($"LocalMachine-> CertificateAuthority-> Count: {store.Certificates.Count}");
foreach (var cert in store.Certificates)
{
Console.WriteLine($"cert: {cert}");
}
}
下面的代码显示计数:151
using (var store = new X509Store(StoreName.Root,StoreLocation.LocalMachine))
{
store.Open(OpenFlags.ReadOnly);
Console.WriteLine($"LocalMachine-> Root-> Count: {store.Certificates.Count}");
foreach (var cert in store.Certificates)
{
Console.WriteLine($"cert: {cert.IssuerName.Name}");
}
}
但我认为它应该是152.
这是我的docker文件
FROM microsoft/dotnet:2.1-runtime AS base
WORKDIR /app
FROM microsoft/dotnet:2.1-sdk AS build
WORKDIR /src
COPY TestWebApp1/TestWebApp1.csproj TestWebApp1/
RUN dotnet restore TestWebApp1/TestWebApp1.csproj
COPY . .
WORKDIR /src/TestWebApp1
RUN dotnet build TestWebApp1.csproj -c Release -o /app
FROM build AS publish
RUN dotnet publish TestWebApp1.csproj -c Release -o /app
RUN ls -l
RUN ls certificate/
COPY TestWebApp1/certificate/ca.crt /usr/share/ca-certificates/ca.crt
RUN echo ca.crt >> /etc/ca-certificates.conf
RUN ls /usr/local/share/ca-certificates/
RUN dpkg-reconfigure -p critical ca-certificates
RUN update-ca-certificates
RUN awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt
FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet","TestWebApp1.dll"]
任何帮助,将不胜感激.
提前致谢.
这似乎是由于多阶段Dockerfile.
您已在发布图像中安装了证书,但未在最终映像中安装.此外,base不包括新安装的证书.
我建议
>手动将证书从发布图像复制到最终图像
>或在最后阶段执行dpkg-reconfigure … update-ca-certificates
>或在基本映像中安装证书
我的偏好是选项1.
