docker .net-core containers x509certificate2 pki

How to store and use a pfx file in a linux container


I want to store a pfx file in a Linux container and use it in the dotnet core application that runs in the container. The aim is to use this file for signing stuff, not SSL. I could do it by copying the pfx to a certain folder in a Dockerfile, then loading it in the application code. But I would use the certificate store if my environment was Windows. I'm wondering if we could use a cert store in Linux for this purpose, and if yes, how, and then get the pfx via thumbprint in the application?


Solution

  • The only cert store that Linux supports is the /etc/ssl directory ;-) The preferred way to do it is to keep it in a secure folder on your Linux server and mount it into the container (ideally as read-only).

    If you're using docker-compose then you can specify that a volume should be mounted as read-only (and yes, you can even mount a file as a volume) as documented here. The gist of it is:

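    version: "3.9"
    services:
      web:
        volumes:
          # Bind-mount the single PFX file from the host into the container
          - type: bind
            source: ./your.pfx
            target: /your.pfx
            # The container can read the file but not modify or replace it
            read_only: true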
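
The application side of this mount, as an added example that is not part of the original answer: it loads the PFX from the mount target `/your.pfx`, pins it to an expected thumbprint (the closest equivalent to the store lookup the question asks about), and signs a payload. The environment variable names `PFX_PATH`, `PFX_PASSWORD` and `PFX_THUMBPRINT` are hypothetical, and an RSA key is assumed.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

public static class PfxSigner
{
    // Hypothetical variable names; the default path is the compose mount target.
    static string Env(string name, string fallback = "") =>
        Environment.GetEnvironmentVariable(name) ?? fallback;

    public static X509Certificate2 Load()
    {
        // EphemeralKeySet: keep the private key in memory only, never in an
        // on-disk key store. On .NET 9+ this constructor is marked obsolete in
        // favour of X509CertificateLoader.LoadPkcs12FromFile.
        var cert = new X509Certificate2(Env("PFX_PATH", "/your.pfx"),
                                        Env("PFX_PASSWORD"),
                                        X509KeyStorageFlags.EphemeralKeySet);

        // Pin the expected certificate so a swapped file on the host is rejected.
        string expected = Env("PFX_THUMBPRINT");
        if (expected.Length > 0 &&
            !string.Equals(cert.Thumbprint, expected, StringComparison.OrdinalIgnoreCase))
            throw new CryptographicException("PFX thumbprint does not match the pinned value");
        if (!cert.HasPrivateKey)
            throw new CryptographicException("PFX contains no private key; cannot sign");
        return cert;
    }

    public static byte[] Sign(X509Certificate2 cert, byte[] data)
    {
        // Assumption: the certificate carries an RSA key.
        using RSA rsa = cert.GetRSAPrivateKey()
            ?? throw new CryptographicException("Certificate key is not RSA");
        return rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
    }

    public static void Main()
    {
        using X509Certificate2 cert = Load();
        byte[] payload = Encoding.UTF8.GetBytes("constructed sample payload");
        byte[] signature = Sign(cert, payload);

        // Round-trip check with the public key from the same certificate.
        using RSA pub = cert.GetRSAPublicKey()!;
        bool ok = pub.VerifyData(payload, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
        Console.WriteLine($"{cert.Subject}: signature valid = {ok}");
    }
}
```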