Last post Feb 14, 2021 01:00 AM by bruce (sqlwork.com)
Feb 07, 2021 04:28 PM|ExceedingLife|LINK
I been trying to figure this out on my own for over a week now and tried so many different things but I have not yet got it working.
I have a Linux server I am deploying my .Net Core Web API on, also I am deploying my .Net Core MVC UI on it as well.
They both get deployed successfully and when I use swagger on the API I can successfully reach and access the database.
When I use my UI I run a page to connect to the API I get
An unhandled exception occurred while processing the request. The remote certificate is invalid because of errors in the certificate chain partialchain
HttpRequestException: the SSL connection could not be established,
I tried setting up my cookie to connect and be authorized to localhost:port# of API
I ran dotnet dev-certs https –clean
Dotnet dev-certs https –trust
And tried many other small things but all with the same result.
My end goal is to get this to work than to put them both in docker containers and have them connect to each other. In docker containers, I get an error im assuming its this same problem. I added ASPNETCORE_ENVIRONMENT: develp[ment to Docker in launchsettings.json
thinking that would put it to dev mode in docker container but it didn’t so I don’t get a stack trace in docker. But I just wanna figure out this ssl connection not be established.
Feb 07, 2021 11:41 PM|bruce (sqlwork.com)|LINK
You are using self signed certificates. While dotnet can create a ssl cert, this only fully supported by windows and macOS. For Linux the cert from dotnet must be converted from .pfx format to .crt format, then installed. You can use OpenSSL to do the convert,
but you can just create the cert with OpenSSL.
Google for instructions on using a self signed ssl cert for docker on Linux. Most of the samples will be for ngnix , but easily converted to asp.net core.
Feb 13, 2021 05:30 AM|ExceedingLife|LINK
I created a openssl cert on my ubuntu machine. when i run dotnet run in my vscode the cert I created comes up as the cert. how can I get linux to trust my localhost cert. In my cert I added DNS localhost, 127.0.0.1, and 0.0.0.0 all to dns in cert. I have
a .crt and .pfx I also added my cert to usr/local/share/ca-certificates and did the: sudo update ca-certificates. After it says added 1 cert then I run the check if it added it and it is.
When I run my project iv vs code the site is still not trusted on both chrome and firefox I been doing tons of research and trying lots but have not been successful yet...
Feb 13, 2021 04:37 PM|bruce (sqlwork.com)|LINK
I use a Mac, so I just use keychain to trust the cert. on Linux, it will depend on the version, but generally there is a folder
Feb 13, 2021 05:41 PM|ExceedingLife|LINK
Ok, thank you ill keep looking into it,
I added the cert to the openssl folder in ca-certificates and ran a command and it said it added the cert but on the site its still not trusted.
I appreciate the info.
Feb 14, 2021 01:00 AM|bruce (sqlwork.com)|LINK
the cert needs to be installed and trusted on both the linux box hosting the docker image, and the browser host.
note: a typical self signed cert is for localhost, but this will not work unless the browser is run on the docker host machine. you will need a cert for a cname that the docker host knows is itself, and the browser host machine knows is the docker host.