question

61923896 avatar image
0 Votes"
61923896 asked 61923896 answered

Loading certificate.pfx with password in linux doesn't work

Hello I deploy my app on linux, but I found problem with loading certificate with password doesn't work when I start my app server side.

Exampale:

  public static IHostBuilder CreateHostBuilder(string[] args) =>
             Host.CreateDefaultBuilder(args)
                 .ConfigureWebHostDefaults(webBuilder =>
                 {
                     var cert = new X509Certificate2("/etc/ssl/certs/certificate.pfx","******"); // doesn't work
                     webBuilder.UseStartup<Startup>();
                     webBuilder.ConfigureKestrel(serverOoptions =>
                     {
                           . . . .  . .  .
                     }
                  }

Unhandled exception. Interop+Crypto+OpenSslCryptographicException: error:2006D002:BIO routines:BIO_new_file:system lib
at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle)
at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
at GrpcService.Program.<>c.<CreateHostBuilder>b_4_0(IWebHostBuilder webBuilder) in D:\GrpcService\Program.cs:line 56
at Microsoft.Extensions.Hosting.GenericHostBuilderExtensions.<>c
DisplayClass0_0.<ConfigureWebHostDefaults>b_0(IWebHostBuilder webHostBuilder)
at Microsoft.Extensions.Hosting.GenericHostWebHostBuilderExtensions.ConfigureWebHost(IHostBuilder builder, Action`1 configure, Action`1 configureWebHostBuilder)
at Microsoft.Extensions.Hosting.GenericHostWebHostBuilderExtensions.ConfigureWebHost(IHostBuilder builder, Action`1 configure)
at Microsoft.Extensions.Hosting.GenericHostBuilderExtensions.ConfigureWebHostDefaults(IHostBuilder builder, Action`1 configure)
at GrpcService.Program.CreateHostBuilder(String[] args) in D:\GrpcService\Program.cs:line 53
at GrpcService.Program.Main(String[] args) in D:\GrpcService\Program.cs:line 29
Aborted


And if load certificate without password app good working.
What happened?
Any tips, thank's!

dotnet-csharpdotnet-ad
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

61923896 avatar image
0 Votes"
61923896 answered

Yes it's true, this exception about permission to certificate, I set sudo chmod 755 /etc/ssl/cert/your certificate and this solved for me. Thank's

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

lextm avatar image
0 Votes"
lextm answered

It has been discussed a while ago,

https://github.com/dotnet/runtime/issues/24051

Literally that error message means access denied, and your app couldn't access the file at that location.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.