Search code examples
linuxdockerkestrel

Kestrel Certificate "no such file" on Linux containers works find on Windows containers

I have constructed an aspnetcore webapp using https on docker windows containers with no issue. When I modified it to run on Linux containers using http, there was no issue.

However, when I enabled https on the Linux container, kestrel throws an exception saying "no file found" for the certificate. After searching I found at https://github.com/dotnet/dotnet-docker/blob/master/samples/aspnetapp/aspnetcore-docker-https-development.md

Note: The certificate name, in this case aspnetapp.pfx must match the project assembly name.

I renamed the certificate to match the assembly name exactly cased as it is.

Lets say the name is:

Company.RLG.Server.WebAPI.dll

I named the certificate file: "Company.RLG.Server.WebAPI.pfx". For the purpose of my test app, I merely copied that to the /https folder. (Later will be doing the volume sharing.)

My DockerFile section for the Kestrel environment vars is:

ENV ASPNETCORE_HTTPS_PORT="8001"
ENV ASPNETCORE_Kestrel__Certificates__Default__Password="x"
ENV ASPNETCORE_Kestrel__Certificates__Default__Path="\https\Company.RLG.Server.WebAPI.pfx"
ENV ASPNETCORE_URLS="https://+;http://+"

However, even thusly renamed, Kestrel complains:

crit: Microsoft.AspNetCore.Server.Kestrel[0]
      Unable to start Kestrel.
Interop+Crypto+OpenSslCryptographicException: error:2006D080:BIO routines:BIO_new_file:no such file
   at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle)
   at Internal.Cryptography.Pal.CertificatePal.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)

Searched and finding a lot of similar but not exact variations of this issue, none of which seem to apply to my case.

Questions, suggestions, and answers are appreciated.

Solution

  • DUH.

    Sorry for the dumb question folks. I caught the issue.

    You see in the above I am putting backslashes into the path for the certificate.

    I changed those to forward slashes, and everything is working now.