从Docker DocumentDB应用程序连接到AWS C#的Cert错误
我的.net核心应用程序在我的主机上工作和连接都很好。
一旦构建并从一个码头容器运行,它就会出现错误的System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.。
使用mongodb://user@xxxx.amazonaws.com/?ssl=true&ssl_ca_certs=rds-combined-ca-bundle.pem&replicaSet=rs0&readPreference=secondaryPreferred&retryWrites=false&connectTimeoutMS=3000的mongo连接字符串
当应用程序使用RUN wget https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem -P /app运行时,我已经验证了cert文件和我的其他二进制文件都在目录中
我还尝试使用容器中的dotnet-certificate-tool安装证书。
更新:我能够让证书的p7b版本正常工作,但它必须通过代码加载。无法从OS证书存储加载它。
Stack Overflow用户
发布于 2022-03-24 22:40:20
使用Net 6webapi部署到docker /Linux 11的带有错误消息的相同问题:A timeout occurred after 30000ms selecting a server...tldr;cut;tldr;...Driver.MongoConnectionException: An exception occurred while opening a connection to the server.\n ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: PartialChain\n...tldr;cut;...
并通过在Dockerfile中添加一些行来解决
FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS base
# add AWS RDS CA bundle
ADD https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem /tmp/rds-ca/aws-rds-ca-bundle.pem
# split the bundle into individual certs (prefixed with xx)
# see http://blog.swwomm.com/2015/02/importing-new-rds-ca-certificate-into.html
RUN cd /tmp/rds-ca && cat aws-rds-ca-bundle.pem|awk 'split_after==1{n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} {print > "cert" n ""}' \
&& for CERT in /tmp/rds-ca/cert*; do mv $CERT /usr/local/share/ca-certificates/aws-rds-ca-$(basename $CERT).crt; done \
&& rm -rf /tmp/rds-ca \
&& update-ca-certificates
WORKDIR /app
EXPOSE 80
EXPOSE 443
...
...
...https://stackoverflow.com/questions/67013408
复制相似问题
腾讯云开发者
