0

I have a .NET Core Web API hosted in Kubernetes as a Pod. It is also exposed as a Service. I have created a Dev SSL certificate and it's produced a aspnetapp.pfx file.

Here is a snippet of my Docker file:

FROM mcr.microsoft.com/dotnet/aspnet:5.0 AS base
WORKDIR /app
EXPOSE 443
ENV ASPNETCORE_URLS=https://+:443
ENV ASPNETCORE_HTTPS_PORT=443
ENV ASPNETCORE_Kestrel__Certificates__Default__Password={password}
ENV ASPNETCORE_Kestrel__Certificates__Default__Path=APIGateway/Certificates/aspnetapp.pfx

When I run the app in Kubernetes I receive an error in the container logs, and the container is failing to start:

error:2006D002:BIO routines:BIO_new_file:system lib

I know its able to find the SSL certificate but, its throwing the above error.

Please help!:)

Sach K
  • 577
  • 3
  • 18
  • Hello @Sach K, is your error you included a part of something bigger and looks like in [this question](https://serverfault.com/questions/683637)? Are you using nginx? – Mikołaj Głodziak May 28 '21 at 07:51
  • Hi @MikolajGlodziak I am not using nginx. I'm trying to get SSL working in my .NET Core Web API which is hosted in Kubernetes - Docker Desktop installation. I get this error every time I start the container. – Sach K May 28 '21 at 12:01
  • Try to convert your certificate to .crt format. You can also read this page: https://devblogs.microsoft.com/aspnet/configuring-https-in-asp-net-core-across-different-platforms/ – Mikołaj Głodziak May 28 '21 at 12:18
  • I've read the page however this article mentions that I need to pass the file path to the .pfx file. https://dylanbeattie.net/2020/11/18/using-https-with-kestrel.html – Sach K May 28 '21 at 13:13
  • Now I'm stuck on what the path would be when I'm running in the Linux container. – Sach K May 28 '21 at 13:13
  • Try to mount the certs inside the Docker container and then refer to this path: `docker run -v /host/path/to/certs:/container/path/to/certs -d IMAGE_ID "update-ca-certificates"` Like [this example](https://stackoverflow.com/questions/26028971/docker-container-ssl-certificates) – Mikołaj Głodziak May 28 '21 at 13:28

0 Answers0