I am starting on Docker-Compose using .Net core and have hit an issue with SSL handshake while communicating between the containers.

Stack .Net Core 2.2, Docker CE for Windows (Linux Containers) 2.0.0.3, Docker Compose 3.4, VS2019 Update 2, Windows 10, Chrome Version 74.0.3729.131 (Official Build) (64-bit)

I have an API being called by another api using HttpClient. I have added them in one docker-compose project and they are referenced using the service names:

version: '3.4'

services:
  caller.api:
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:80
      - ASPNETCORE_HTTPS_PORT=44391
      - FirstServiceUrl=https://callee.api
    depends_on:
      - callee.api
    ports:
      - "44391:80"
    volumes:
      - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
      - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro

  callee.api:
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:80
      - ASPNETCORE_HTTPS_PORT=44392
    ports:
      - "44392:80"
    volumes:
      - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
      - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro


However, these caller fails to call the callee and I get different kind of errors based on the below cases.

I've tried a number of things :

  1. dotnet dev-certs https This obviously allows the api's running outside docker-compose to run on SSL and dont have any issues in communication

  2. Generate and Use self signed certs I used the information here and created the certificates.

They're added to the Trusted root. I can see them in Cert Manager.
Added the following code in the API Main:

var builder = WebHost.CreateDefaultBuilder(args);
builder.ConfigureAppConfiguration((ctx, cfg) => cfg.AddEnvironmentVariables());

builder.UseKestrel(options =>
{
     options.AddServerHeader = false;
     options.ListenAnyIP(80, o =>
     {
          o.UseHttps( new X509Certificate2( "callee.api.pfx", "password"));
     });
})
.UseStartup<Startup>();

But when I launch Chrome(to test using swagger), the browser shows Not Secure Error

I get this exception:

      Failed to authenticate HTTPS connection.
System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL. ---> Interop+Crypto+OpenSslCryptographicException: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
   --- End of inner exception stack trace ---
   at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, Byte[] recvBuf, Int32 recvOffset, Int32 recvCount, Byte[]& sendBuf, Int32& sendCount)
   at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteContext& context, SecurityBuffer inputBuffer, SecurityBuffer outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)
   --- End of inner exception stack trace ---

I tried first with creating certificate as localhost.pfx which didnt work. I also tried with certificate callee.pfx but without any success.

  1. Several different approaches similar to (2) above but no joy.

I am able to get to the individual API's in the browser and can manually run them fine.

When I disable SSL, they are able to interact without any issues.

I've spent couple of days trying to get this to work. Would really appreciate any help or pointers.

0 Answers