Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Wiki: Add HTTPS usage inside Docker
See original GitHub issueGreetings.
Some history. We use WireMock to run our unit tests inside Docker. The other day we had to mock a service whose official client library was nailed to work through HTTPS only. Trying to make an HTTPS mock through WireMock, we were surprised it worked nice on Windows, but inside Docker we were receiving SSL validation errors at connection time.
The reasons behind the behavior - are WireMock-Net/WireMock.Net#379, where the support of default aspnetcore development certificates was added,
and https://github.com/dotnet/aspnetcore/issues/7246, that prevents default dev certificates from being trusted on Linux / Docker.
There is a way to make WireMock run trusted HTTPS inside Docker I’d like to share.
-
Make the
localhost.conffile of content:[ req ] default_bits = 2048 default_keyfile = localhost.key distinguished_name = req_distinguished_name req_extensions = req_ext x509_extensions = v3_ca [ req_distinguished_name ] commonName = Common Name (e.g. server FQDN or YOUR name) [ req_ext ] subjectAltName = @alt_names [ v3_ca ] subjectAltName = @alt_names basicConstraints = critical, CA:false keyUsage = keyCertSign, cRLSign, digitalSignature,keyEncipherment extendedKeyUsage = 1.3.6.1.5.5.7.3.1 1.3.6.1.4.1.311.84.1.1 = DER:01 [ alt_names ] DNS.1 = localhost DNS.2 = 127.0.0.1Note the
1.3.6.1.4.1.311.84.1.1 = DER:01it is critical for aspnet for recognizing the cert. -
Generate the cert:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout localhost.key -out localhost.crt -config localhost.conf -subj /CN=localhost openssl pkcs12 -export -out localhost.pfx -inkey localhost.key -in localhost.crt -passout pass: -
Grab the
localhost.pfxandlocalhost.crtand throw them into the target system. In case ofDockerthat would look:COPY localhost.crt /usr/local/share/ca-certificates/ RUN dotnet dev-certs https --clean \ && update-ca-certificates COPY localhost.pfx /root/.dotnet/corefx/cryptography/x509stores/my/ -
Profit. The system has the aspnetcore dev cert trusted.
Ideally I’d like those 4 steps to be added into the project Wiki so others won’t have to spend all the time I did to find a solution.
Best regards.
Issue Analytics
- State:
- Created 3 years ago
- Reactions:1
- Comments:5
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
That’s correct. Thank you!
Hello @winseros ; thank you very much for researching the issue + solution.