I am running dotnet core 2.1 using a Linux container on a Win10 machine, and I have created a self-signed CA using openssl and installed it in the docker machine. Docker output shows that the CA has been added.

And when I run the command below, it also shows me the installed certificate:

    awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt

But the installed certificate is not accessible via X509Store.
The code below shows count: 0

    using (var store = new X509Store(StoreName.CertificateAuthority, StoreLocation.LocalMachine))
    {
        store.Open(OpenFlags.ReadOnly);
        Console.WriteLine($"LocalMachine-> CertificateAuthority-> Count: {store.Certificates.Count}");
        foreach (var cert in store.Certificates)
        {
            Console.WriteLine($"cert: {cert}");
        }
    }

The code below shows count: 151

    using (var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine))
    {
        store.Open(OpenFlags.ReadOnly);
        Console.WriteLine($"LocalMachine-> Root-> Count: {store.Certificates.Count}");
        foreach (var cert in store.Certificates)
        {
            Console.WriteLine($"cert: {cert.IssuerName.Name}");
        }
    }

But I think it should be 152.

Here is my Dockerfile:

    FROM microsoft/dotnet:2.1-runtime AS base
    WORKDIR /app
    FROM microsoft/dotnet:2.1-sdk AS build
    WORKDIR /src
    COPY TestWebApp1/TestWebApp1.csproj TestWebApp1/
    RUN dotnet restore TestWebApp1/TestWebApp1.csproj
    COPY . .
    WORKDIR /src/TestWebApp1
    RUN dotnet build TestWebApp1.csproj -c Release -o /app
    FROM build AS publish
    RUN dotnet publish TestWebApp1.csproj -c Release -o /app 
    RUN ls -l
    RUN ls certificate/ 
    COPY TestWebApp1/certificate/ca.crt /usr/share/ca-certificates/ca.crt
    RUN echo ca.crt >> /etc/ca-certificates.conf 
    RUN ls /usr/local/share/ca-certificates/
    RUN dpkg-reconfigure -p critical ca-certificates
    RUN update-ca-certificates 
    RUN awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt
    FROM base AS final
    WORKDIR /app
    COPY --from=publish /app .
    ENTRYPOINT ["dotnet", "TestWebApp1.dll"]

Any help would be appreciated.
Thanks in advance.
This seems due to the multi-stage Dockerfile.
You have installed the certificates in the publish image, but not in the final image. Also, base doesn't include the newly installed certificates.
I would suggest to:

1. publish image to the final image
2. dpkg-reconfigure ... update-ca-certificates during the final stage
3. base image

My preference would be option 1.
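
One way to put the CA into the stage that actually ships, shown as an added example that is not part of the original question or answer. It assumes `ca.crt` is a PEM file and that the `base` image is Debian-based with the `ca-certificates` package installed; the `test -L` check is an addition that fails the build if the CA was not linked into the trust directory.

```dockerfile
# Added example: the CA is installed in the final stage, not in publish.
FROM microsoft/dotnet:2.1-runtime AS base
WORKDIR /app

FROM microsoft/dotnet:2.1-sdk AS build
WORKDIR /src
COPY TestWebApp1/TestWebApp1.csproj TestWebApp1/
RUN dotnet restore TestWebApp1/TestWebApp1.csproj
COPY . .
WORKDIR /src/TestWebApp1
RUN dotnet build TestWebApp1.csproj -c Release -o /app

FROM build AS publish
RUN dotnet publish TestWebApp1.csproj -c Release -o /app

# Only layers created from here on exist in the image that runs the app.
FROM base AS final
WORKDIR /app
# Certificates under /usr/local/share/ca-certificates with a .crt extension
# are picked up by update-ca-certificates without editing
# /etc/ca-certificates.conf.
COPY TestWebApp1/certificate/ca.crt /usr/local/share/ca-certificates/ca.crt
# update-ca-certificates rebuilds /etc/ssl/certs/ca-certificates.crt and
# symlinks each local certificate into /etc/ssl/certs as <name>.pem.
# The test makes the build fail if that link is missing.
RUN update-ca-certificates \
 && test -L /etc/ssl/certs/ca.pem
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "TestWebApp1.dll"]
```

Re-running the `X509Store` snippet from the question inside a container started from this image shows whether the `Root` count has changed.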