Tags: identityserver4, x509certificate, asp.net-core-3.1, azure-app-service-envrmnt

Error Loading Self Signed Certificate on Azure App Service with linux container with IdentityServer 4 AddSigningCredential


I have my ASP.NET Core 3.1 app configured to use IdentityServer 4. Everything works fine on my local machine and in my local IIS. If I publish to Azure App Service, the certificate loading fails with the error below:

2020-04-05T02:01:46.200965138Z Documentation: http://aka.ms/webapp-linux
2020-04-05T02:01:46.200972938Z Dotnet quickstart: https://aka.ms/dotnet-qs
2020-04-05T02:01:46.200980839Z ASP .NETCore Version: 3.1.0
2020-04-05T02:01:46.200988739Z Note: Any data outside '/home' is not persisted
2020-04-05T02:01:46.624585930Z Running oryx -appPath /home/site/wwwroot -output /opt/startup/startup.sh -defaultAppFilePath /defaulthome/hostingstart/hostingstart.dll     -bindPort 8080 -userStartupCommand '' 
2020-04-05T02:01:46.758919856Z Oryx Version: 0.2.20200114.13, Commit: 204922f30f8e8d41f5241b8c218425ef89106d1d, ReleaseTagName: 20200114.13
2020-04-05T02:01:46.769077531Z Cound not find build manifest file at '/home/site/wwwroot/oryx-manifest.toml'
2020-04-05T02:01:46.770324503Z Could not find operation ID in manifest. Generating an operation id...
2020-04-05T02:01:46.771110686Z Build Operation ID: 2c1fda2a-9303-49d7-8d96-2fd6b961de83
2020-04-05T02:01:48.583605155Z Writing output script to '/opt/startup/startup.sh'
2020-04-05T02:01:48.934026596Z Trying to find the startup DLL name...
2020-04-05T02:01:48.934770080Z Found the startup D name: IDP.dll
2020-04-05T02:01:48.935266269Z Running the command: dotnet "IDP.dll"
2020-04-05T02:01:50.341053110Z [02:01:50 Information] 
2020-04-05T02:01:50.341106512Z Starting host...
2020-04-05T02:01:50.341118212Z 
2020-04-05T02:01:52.133020171Z [02:01:52 Fatal] 
2020-04-05T02:01:52.133081573Z Host terminated unexpectedly.
2020-04-05T02:01:52.133093173Z Interop+Crypto+OpenSslCryptographicException: error:2006D002:BIO routines:BIO_new_file:system lib
2020-04-05T02:01:52.133102374Z    at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle)
2020-04-05T02:01:52.134995630Z    at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
2020-04-05T02:01:52.135015331Z    at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
2020-04-05T02:01:52.135025731Z    at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
2020-04-05T02:01:52.135048232Z    at IDP.Startup.ConfigureServices(IServiceCollection services) in C:\Users\xxxx\IDP\Startup.cs:line 47
2020-04-05T02:01:52.135072332Z    at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor, Boolean wrapExceptions)
2020-04-05T02:01:52.140072381Z    at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
2020-04-05T02:01:52.140095582Z    at Microsoft.AspNetCore.Hosting.ConfigureServicesBuilder.InvokeCore(Object instance, IServiceCollection services)
2020-04-05T02:01:52.140545195Z    at Microsoft.AspNetCore.Hosting.ConfigureServicesBuilder.<>c__DisplayClass9_0.<Invoke>g__Startup|0(IServiceCollection serviceCollection)
2020-04-05T02:01:52.140562795Z    at Microsoft.AspNetCore.Hosting.ConfigureServicesBuilder.Invoke(Object instance, IServiceCollection services)
2020-04-05T02:01:52.140572496Z    at Microsoft.AspNetCore.Hosting.ConfigureServicesBuilder.<>c__DisplayClass8_0.<Build>b__0(IServiceCollection services)
2020-04-05T02:01:52.140919606Z    at Microsoft.AspNetCore.Hosting.GenericWebHostBuilder.UseStartup(Type startupType, HostBuilderContext context, IServiceCollection services)
2020-04-05T02:01:52.140980508Z    at Microsoft.AspNetCore.Hosting.GenericWebHostBuilder.<>c__DisplayClass12_0.<UseStartup>b__0(HostBuilderContext context, IServiceCollection services)
2020-04-05T02:01:52.141103111Z    at Microsoft.Extensions.Hosting.HostBuilder.CreateServiceProvider()
2020-04-05T02:01:52.141119512Z    at Microsoft.Extensions.Hosting.HostBuilder.Build()
2020-04-05T02:01:52.141498823Z    at IDP.Program.Main(String[] args) in C:\Users\xxxx\IDP\Program.cs:line 37
2020-04-05T02:01:52.141564625Z 


2020-04-05 02:01:53.668 ERROR - Container xxxxidp_0_bb9e5be5 for site xxxxidp has exited, failing site start
2020-04-05 02:01:53.676 ERROR - Container xxxxidp_0_bb9e5be5 didn't respond to HTTP pings on port: 8080, failing site start. See container logs for debugging.
2020-04-05 02:01:53.693 INFO  - Stoping site xxxxidp because it failed during startup.

Status_WatchFile :: Error Error: ENOENT: no such file or directory, open '/appsvctmp/status.txt'

Here is my ConfigureServices in Startup:

builder.AddSigningCredential(new X509Certificate2($"{Environment.ContentRootPath}\\Certificate\\my certificate.pfx", Configuration.GetValue<string>("CertificatePassword")));

Here is my certificate in my project folder structure:

[screenshot of the project folder structure]

Please assist if I'm doing something wrong. I have been trying for more than a day and am not able to figure out where I'm going wrong.


Solution

  • After almost weeks of analyzing all possibilities, I figured out where I went wrong. It is the \ that is causing trouble. I have the certificate added in my application. The line below works on a Windows machine,

    builder.AddSigningCredential(new X509Certificate2($"{Environment.ContentRootPath}\\Certificate\\my certificate.pfx", Configuration.GetValue<string>("CertificatePassword")));
    

    However, I understood that \ doesn't work on Linux when it comes to paths. So I replaced the \ with a forward slash / and it worked on both Windows and Linux.

    builder.AddSigningCredential(new X509Certificate2($"{Environment.ContentRootPath}/Certificate/my certificate.pfx", Configuration.GetValue<string>("CertificatePassword")));
    

    Hope this really helps someone.
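The fix above works because '/' is accepted as a separator on both platforms, but the separator is still hard-coded into the string. The added example below (written for this page, not code from the question, the answer or IdentityServer itself) lets the runtime supply the separator with Path.Combine and checks that the .pfx actually exists before handing it to OpenSSL. That matters because the OpenSSL error in the log, BIO_new_file:system lib, is all you get when the underlying file open fails; it never names the path it tried. The folder name Certificate, the file name "my certificate.pfx", the configuration key CertificatePassword and the Startup properties Environment and Configuration are taken from the question; the assumptions are that the project references ASP.NET Core 3.1 and the IdentityServer4 package, and that Startup receives IWebHostEnvironment and IConfiguration through its constructor. On the Linux container the content root is the /home/site/wwwroot path that the Oryx line in the log shows as -appPath.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

namespace IDP
{
    public static class SigningCertificateLoader
    {
        // Path.Combine inserts the platform separator ('\' on Windows, '/' on
        // Linux), so no separator is written into the source at all.
        public static string BuildCertificatePath(string contentRootPath)
        {
            // Folder and file names are the ones used in the question.
            return Path.Combine(contentRootPath, "Certificate", "my certificate.pfx");
        }

        // Loads the signing certificate, failing early with the full path if the
        // file is missing. Assumes the password is in configuration under
        // "CertificatePassword", as in the question.
        public static X509Certificate2 Load(IWebHostEnvironment env, IConfiguration config)
        {
            string path = BuildCertificatePath(env.ContentRootPath);

            // OpenSSL only reports "BIO_new_file:system lib" for a missing file;
            // this check produces a message that names the path that was tried.
            if (!File.Exists(path))
            {
                throw new FileNotFoundException(
                    $"Signing certificate not found at '{path}'. " +
                    "Check that the .pfx is part of the published output.", path);
            }

            string password = config.GetValue<string>("CertificatePassword");
            if (string.IsNullOrEmpty(password))
            {
                throw new InvalidOperationException(
                    "CertificatePassword is not configured; set it in app settings " +
                    "or as an environment variable, not in source.");
            }

            // Same constructor the question uses; the PFX carries the private key.
            var certificate = new X509Certificate2(path, password);
            if (!certificate.HasPrivateKey)
            {
                // A token-signing credential needs the private key; a public-only
                // certificate would load here and fail later when tokens are signed.
                throw new InvalidOperationException(
                    $"Certificate at '{path}' has no private key and cannot sign tokens.");
            }
            return certificate;
        }
    }

    // Minimal Startup showing where the loader is called. Constructor injection of
    // IConfiguration and IWebHostEnvironment is an assumption about the project.
    public class Startup
    {
        public Startup(IConfiguration configuration, IWebHostEnvironment environment)
        {
            Configuration = configuration;
            Environment = environment;
        }

        public IConfiguration Configuration { get; }
        public IWebHostEnvironment Environment { get; }

        public void ConfigureServices(IServiceCollection services)
        {
            var builder = services.AddIdentityServer();
            builder.AddSigningCredential(SigningCertificateLoader.Load(Environment, Configuration));
        }

        public void Configure(IApplicationBuilder app)
        {
            app.UseIdentityServer();
        }
    }
}
```

Because the checks run inside ConfigureServices, a missing file or password still stops the host at startup, exactly as in the log, but the fatal entry now states which path was opened and why it failed, which is what you need when the only other clue is a "failing site start" message from the container host.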