Communication between two Docker containers failing due to SSL Certificate


I have two ASP.NET Web APIs, one for the identity server and a second that is just a web API. They are supposed to run in Docker containers.

I generated a self-signed certificate for SSL https connections between containers. So I know that by default it is not trusted and to resolve this issue, I manually add the self-signed certificate to the Trusted Root Certification Authorities.

I also have a simple docker-compose.yml:

services:
  identityserver:
    build:
      context: .
      dockerfile: src/IdentityServer/Dockerfile
    entrypoint: /bin/sh -c "update-ca-certificates && dotnet Duende.IdentityServer.dll"
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:7000
      - ASPNETCORE_Kestrel__Certificates__Default__Password=*******
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/localhost.pfx
    ports:
      - "7000:7000"
    volumes:
      - ./localhost.pfx:/https/localhost.pfx:ro
      - ./localhost.crt:/usr/local/share/ca-certificates/localhost.crt:ro

  api:
    container_name: api
    build:
      context: .
      dockerfile: src/Web.Api/Dockerfile
    depends_on:
      - identityserver
    entrypoint: /bin/sh -c "update-ca-certificates && dotnet Web.Api.dll"
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:7001
      - ASPNETCORE_Kestrel__Certificates__Default__Password=*******
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/localhost.pfx
      - AUTHENTICATION__AUTHORITY=https://identityserver:7000
      - AUTHENTICATION__AUDIENCE=9fc33c2e-dbc1-4d0a-b212-68b9e07b3ba0
    ports:
      - "7001:7001"
    volumes:
      - ./localhost.pfx:/https/localhost.pfx:ro
      - ./localhost.crt:/usr/local/share/ca-certificates/localhost.crt:ro

api runs on port 7001 and identityserver on 7000. The problem occurs when I attempt to call a protected (authorized) endpoint from api, like https://api:7001/WeatherForecast. Then I get this error:

System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://identityserver:7000/.well-known/openid-configuration'.

System.IO.IOException: IDX20804: Unable to retrieve document from: 'https://identityserver:7000/.well-known/openid-configuration'.

System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot

But if I open https://identityserver:7000/.well-known/openid-configuration in a browser, it works. I'm sure the problem is in the Docker configuration. Maybe you have had such an experience before.
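One way to check, outside Docker, whether a certificate will pass the two checks the api container's HttpClient applies to identityserver: chain trust (the UntrustedRoot error above) and, the step after that, hostname match against the service name being dialled. This is a constructed example added here, not code from the question; it assumes openssl 1.1.1+ is installed and uses made-up file names.

```shell
#!/bin/sh
# Added example, not code from the question: reproduces with openssl the two
# checks a .NET HttpClient performs on the identityserver certificate (chain
# trust and hostname match) so the failure can be diagnosed outside Docker.
# Assumes openssl 1.1.1+ (for -addext); file names and hostnames are constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed certificate: $1 = output name, $2 = CN, $3 = extra SAN
# entries (e.g. "DNS:identityserver"), may be empty. Prints the .crt path.
make_self_signed() {
  san="DNS:$2"; [ -n "$3" ] && san="$san,$3"
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 -subj "/CN=$2" \
    -addext "subjectAltName=$san" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" \
    >/dev/null 2>&1
  echo "$WORK/$1.crt"
}

# update-ca-certificates only installs PEM-encoded *.crt files; a DER file is
# silently skipped and the client then still reports UntrustedRoot.
is_pem() { grep -q 'BEGIN CERTIFICATE' "$1"; }

# Chain check: does the trusted CA file ($1) vouch for the server cert ($2)?
# A failure here is the UntrustedRoot error from the question.
verify_chain() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Hostname check: is the name the client dials ($3) in the cert's SAN?
# The api container calls https://identityserver:7000, so a cert that only
# names "localhost" fails this check even once it is trusted.
verify_hostname() {
  openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

main() {
  dev=$(make_self_signed localhost localhost "")
  is_pem "$dev" && verify_chain "$dev" "$dev" && echo "localhost.crt: PEM, trusted"
  verify_hostname "$dev" "$dev" identityserver \
    || echo "localhost.crt: 'identityserver' is not in the SAN (name mismatch)"
  fixed=$(make_self_signed identityserver localhost "DNS:identityserver")
  verify_hostname "$fixed" "$fixed" identityserver \
    && echo "identityserver.crt: hostname 'identityserver' matches"
}

command -v openssl >/dev/null 2>&1 && main
```

Run it with `sh check-cert.sh`; the same `openssl verify` calls can be executed inside the api container against `/etc/ssl/certs/ca-certificates.crt` to confirm what update-ca-certificates actually installed.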


There are 0 answers