Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/linux/28.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Linux容器中具有.NET Core HttpClient的远程证书无效 我有letsencrypt(*.stg.foo.com)颁发的通配符证书 运行在Nginx后面的docker容器中的两个.NET核心应用程序正在侦听admin.stg.foo.com和srv.stg.foo.com_Linux_Docker_Ssl_.net Core - Fatal编程技术网
Fatal编程技术网
  • linux/
  • Linux容器中具有.NET Core HttpClient的远程证书无效 我有letsencrypt(*.stg.foo.com)颁发的通配符证书 运行在Nginx后面的docker容器中的两个.NET核心应用程序正在侦听admin.stg.foo.com和srv.stg.foo.com

Linux容器中具有.NET Core HttpClient的远程证书无效 我有letsencrypt(*.stg.foo.com)颁发的通配符证书 运行在Nginx后面的docker容器中的两个.NET核心应用程序正在侦听admin.stg.foo.com和srv.stg.foo.com

linux docker ssl .net-core

Linux容器中具有.NET Core HttpClient的远程证书无效 我有letsencrypt(*.stg.foo.com)颁发的通配符证书 运行在Nginx后面的docker容器中的两个.NET核心应用程序正在侦听admin.stg.foo.com和srv.stg.foo.com,linux,docker,ssl,.net-core,Linux,Docker,Ssl,.net Core,到目前为止,此设置似乎按预期工作。我可以通过浏览器访问我的容器,并且证书有效 如果我从一个容器运行curl到另一个容器,它将按预期工作 curl https://admin.stg.foo.com/ -v ALPN, offering h2 ... ALPN, offering http/1.1 successfully set certificate verify locations: CAfile: /etc/ssl/certs/ca-certificates.crt CAp

到目前为止,此设置似乎按预期工作。我可以通过浏览器访问我的容器,并且证书有效

如果我从一个容器运行curl到另一个容器,它将按预期工作

 curl https://admin.stg.foo.com/ -v
 ALPN, offering h2
...
ALPN, offering http/1.1
 successfully set certificate verify locations:
   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
 TLSv1.3 (OUT), TLS handshake, Client hello (1):
 TLSv1.3 (IN), TLS handshake, Server hello (2):
 TLSv1.2 (IN), TLS handshake, Certificate (11):
 TLSv1.2 (IN), TLS handshake, Server key exchange (12):
 TLSv1.2 (IN), TLS handshake, Server finished (14):
 TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
 TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
 TLSv1.2 (OUT), TLS handshake, Finished (20):
 TLSv1.2 (IN), TLS handshake, Finished (20):
 SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
 ALPN, server accepted to use h2
 Server certificate:
  subject: CN=.stg.foo.com
  start date: Jul  8 04:50:10 2020 GMT
  expire date: Oct  6 04:50:10 2020 GMT
  subjectAltName: host "admin.stg.foo.com" matched cert's "*.stg.foo.com"
  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
  SSL certificate verify ok.
如果我尝试使用HttpClient从docker容器执行相同的请求,则证书验证将失败,原因是: 根据验证过程,远程证书无效

    Unhandled exception. System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
测试代码:

        using (HttpClient client = new HttpClient())
        {
            var result = await client.GetAsync("https://admin.stg.foo.com/.well-known/openid-configuration");
            Console.WriteLine(await result.Content.ReadAsStringAsync());
            result.EnsureSuccessStatusCode();
        }
在Windows计算机上运行的相同请求也可以工作

除了curl(/etc/ssl/certs)之外,.NET是否为证书使用另一个文件夹? 是否有更多日志用于调试.Net核心证书错误

设置:

.NET Core 3.1.5
Ubuntu 20.04 LTS
谢谢你的帮助

编辑:

        using (HttpClient client = new HttpClient())
        {
            var result = await client.GetAsync("https://admin.stg.foo.com/.well-known/openid-configuration");
            Console.WriteLine(await result.Content.ReadAsStringAsync());
            result.EnsureSuccessStatusCode();
        }
发现类似问题:

能否附加完整的stacktrace,此错误看起来与此非常相似,