Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

I have a .NET Core Web API hosted in Kubernetes as a Pod. It is also exposed as a Service. I have created a Dev SSL certificate and it's produced a aspnetapp.pfx file.

Here is a snippet of my Docker file:

FROM mcr.microsoft.com/dotnet/aspnet:5.0 AS base
WORKDIR /app
EXPOSE 443
ENV ASPNETCORE_URLS=https://+:443
ENV ASPNETCORE_HTTPS_PORT=443
ENV ASPNETCORE_Kestrel__Certificates__Default__Password={password}
ENV ASPNETCORE_Kestrel__Certificates__Default__Path=APIGateway/Certificates/aspnetapp.pfx
When I run the app in Kubernetes I receive an error in the container logs, and the container is failing to start:
error:2006D002:BIO routines:BIO_new_file:system lib
I know its able to find the SSL certificate but, its throwing the above error.
Please help!:)
                Hello @Sach K, is your error you included a part of something bigger and looks like in this question? Are you using nginx?
– Mikołaj Głodziak
                May 28, 2021 at 7:51
                Hi @MikolajGlodziak I am not using nginx. I'm trying to get SSL working in my .NET Core Web API which is hosted in Kubernetes - Docker Desktop installation. I get this error every time I start the container.
– Sach K
                May 28, 2021 at 12:01
                Try to convert your certificate to .crt format. You can also read this page: devblogs.microsoft.com/aspnet/…
– Mikołaj Głodziak
                May 28, 2021 at 12:18
                I've read the page however this article mentions that I need to pass the file path to the .pfx file. dylanbeattie.net/2020/11/18/using-https-with-kestrel.html
– Sach K
                May 28, 2021 at 13:13
I just ran into this same problem and even though things were working fine previously, something was updated (possibly .NET 6.0.402) which caused a problem.
What I noticed is that my exported dev cert pfx in the Docker container had it's permissions set to:
-rw------- 1 root    root    2383 Oct 18 14:40 cert.pfx
In my Dockerfile, I export the dotnet dev cert and run a chmod to add read permissions for everyone:
RUN dotnet dev-certs https --clean && dotnet dev-certs https --export-path /app/publish/cert.pfx -p {password}
RUN chmod 644 /app/publish/cert.pfx
This resulted in permissions which were the same as my appsettings files:
-rw-r--r-- 1 root    root     535 Oct 18 14:11 appsettings.Development.json
-rw-r--r-- 1 root    root     331 Sep 27 18:13 appsettings.json
-rw-r--r-- 1 root    root    2383 Oct 18 14:40 cert.pfx
That fixed the error for me.
        
Thanks for contributing an answer to Stack Overflow!
Please be sure to answer the question. Provide details and share your research!
But avoid …
Asking for help, clarification, or responding to other answers.
Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.