Running API and MVC projects SSL connection could not be established

  • Question

  • User-544325736 posted

    Hello all,

    I have been trying to figure this out on my own for over a week now and have tried so many different things, but I have not yet got it working.

    I have a Linux server I am deploying my .Net Core Web API on, also I am deploying my .Net Core MVC UI on it as well.

    They both get deployed successfully and when I use swagger on the API I can successfully reach and access the database.

    When I use my UI I run a page to connect to the API I get

    This error:

    An unhandled exception occurred while processing the request. The remote certificate is invalid because of errors in the certificate chain partialchain

    HttpRequestException: the SSL connection could not be established,

     

    I tried setting up my cookie to connect and be authorized to localhost:port# of API

    I ran dotnet dev-certs https --clean

    And

    dotnet dev-certs https --trust

    And tried many other small things but all with the same result.

    My end goal is to get this to work, then to put them both in Docker containers and have them connect to each other. In Docker containers I get an error; I'm assuming it's this same problem. I added ASPNETCORE_ENVIRONMENT: development to Docker in launchsettings.json thinking that would put it in dev mode in the Docker container, but it didn't, so I don't get a stack trace in Docker. But I just want to figure out this SSL connection that could not be established.

     

    Sunday, February 7, 2021 4:28 PM

Answers

  • User-474980206 posted

    The cert needs to be installed and trusted on both the Linux box hosting the Docker image and the browser host.

    Note: a typical self-signed cert is for localhost, but this will not work unless the browser is run on the Docker host machine. You will need a cert for a CNAME that the Docker host knows is itself, and the browser host machine knows is the Docker host.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, February 14, 2021 1:00 AM
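
The two checks behind this answer, chain trust and name match, as an added example that is not part of the original thread. It assumes OpenSSL 1.1.1 or later; the hostnames and file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: hostnames and file names are assumptions, not from the thread.
# Requires OpenSSL 1.1.1 or later (for -addext).

# make_cert DIR NAME: self-signed cert valid for NAME, localhost and loopback.
# IP addresses go in IP: entries; they are not matched against DNS: entries.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -keyout "$1/$2.key" -out "$1/$2.crt" -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2,DNS:localhost,IP:127.0.0.1" 2>/dev/null
}

# chain_ok CERT ANCHORS: succeeds only if CERT chains to a cert in ANCHORS.
# -no-CApath leaves out the system certificate directory.
chain_ok() {
    openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
}

# name_ok CERT HOST: succeeds only if the SAN covers the name the client dials.
name_ok() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

# ip_ok CERT ADDR: same check for a client that connects by IP address.
ip_ok() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q "does match"
}

demo() {
    d=$(mktemp -d) || return 1
    make_cert "$d" api.dev.internal     # name both hosts resolve (assumed)
    make_cert "$d" other.dev.internal   # stands in for a store lacking our cert
    crt="$d/api.dev.internal.crt"
    for anchors in "$d/other.dev.internal.crt" "$crt"; do
        if chain_ok "$crt" "$anchors"; then r="trusted"; else r="NOT trusted"; fi
        echo "anchors=$(basename "$anchors"): $r"
    done
    for h in api.dev.internal localhost dockerhost; do
        if name_ok "$crt" "$h"; then r="match"; else r="NO match"; fi
        echo "host=$h: $r"
    done
    rm -rf "$d"
}
demo
```

A client accepts the connection only when both checks pass in its own trust store and for the name it actually dials. update-ca-certificates feeds OpenSSL-based clients such as .NET's HttpClient on Linux, while Chrome and Firefox on Linux keep separate NSS certificate stores.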

All replies

  • User-474980206 posted

    You are using self-signed certificates. While dotnet can create an SSL cert, this is only fully supported by Windows and macOS. For Linux the cert from dotnet must be converted from .pfx format to .crt format, then installed. You can use OpenSSL to do the conversion, but you can just create the cert with OpenSSL.

    Google for instructions on using a self-signed SSL cert for Docker on Linux. Most of the samples will be for nginx, but easily converted to ASP.NET Core.

    Sunday, February 7, 2021 11:41 PM
  • User-544325736 posted

    Hello.

    I created an OpenSSL cert on my Ubuntu machine. When I run dotnet run in VS Code, the cert I created comes up as the cert. How can I get Linux to trust my localhost cert? In my cert I added DNS localhost, 127.0.0.1, and 0.0.0.0 all to DNS in the cert. I have a .crt and a .pfx. I also added my cert to /usr/local/share/ca-certificates and ran sudo update-ca-certificates. After that it says it added 1 cert; then I run the check to see if it was added, and it is.

    When I run my project in VS Code, the site is still not trusted in both Chrome and Firefox. I have been doing tons of research and trying lots of things but have not been successful yet...

    Saturday, February 13, 2021 5:30 AM
  • User-474980206 posted

    I use a Mac, so I just use keychain to trust the cert. on Linux, it will depend on the version, but generally there is a folder

    https://ubuntu.com/server/docs/security-certificates

    Saturday, February 13, 2021 4:37 PM
  • User-544325736 posted

    OK, thank you, I'll keep looking into it.
    I added the cert to the openssl folder in ca-certificates and ran a command, and it said it added the cert, but on the site it's still not trusted.

    I appreciate the info.

    Saturday, February 13, 2021 5:41 PM