Closed
Description
Expected behavior
I have created a self-signed CA using openssl and installed it in the Docker machine. Docker output shows that the CA has been added.
And when I run the command below, it also shows me the installed certificate:
awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt
But the installed certificate is not accessible via X509Store.
The code below shows count: 0
using (var store = new X509Store(StoreName.CertificateAuthority, StoreLocation.LocalMachine))
{
    store.Open(OpenFlags.ReadOnly);
    Console.WriteLine($"LocalMachine-> CertificateAuthority-> Count: {store.Certificates.Count}");
    foreach (var cert in store.Certificates)
    {
        Console.WriteLine($"cert: {cert}");
    }
}
The code below shows count: 151, and it should be 152 (I think)
using (var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine))
{
    store.Open(OpenFlags.ReadOnly);
    Console.WriteLine($"LocalMachine-> Root-> Count: {store.Certificates.Count}");
    foreach (var cert in store.Certificates)
    {
        Console.WriteLine($"cert: {cert.IssuerName.Name}");
    }
}
Actual behavior
Certificate should show in X509Store
DOCKER FILE
FROM microsoft/dotnet:2.1-runtime AS base
WORKDIR /app
FROM microsoft/dotnet:2.1-sdk AS build
WORKDIR /src
COPY TestWebApp1/TestWebApp1.csproj TestWebApp1/
RUN dotnet restore TestWebApp1/TestWebApp1.csproj
COPY . .
WORKDIR /src/TestWebApp1
RUN dotnet build TestWebApp1.csproj -c Release -o /app
FROM build AS publish
RUN dotnet publish TestWebApp1.csproj -c Release -o /app
RUN ls -l
RUN ls certificate/
COPY TestWebApp1/certificate/ca.crt /usr/share/ca-certificates/ca.crt
RUN echo ca.crt >> /etc/ca-certificates.conf
RUN ls /usr/local/share/ca-certificates/
RUN dpkg-reconfigure -p critical ca-certificates
RUN update-ca-certificates
RUN awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt
FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "TestWebApp1.dll"]
Additional Info
I am running dotnet core 2.1 using a Linux container on a Win10 machine.
Output of docker version
Client:
Version: 18.03.1-ce
API version: 1.37
Go version: go1.9.5
Git commit: 9ee9f40
Built: Thu Apr 26 07:12:48 2018
OS/Arch: windows/amd64
Experimental: false
Orchestrator: swarm
Server:
Engine:
Version: 18.03.1-ce
API version: 1.37 (minimum version 1.12)
Go version: go1.9.5
Git commit: 9ee9f40
Built: Thu Apr 26 07:22:38 2018
OS/Arch: linux/amd64
Experimental: false
Output of docker info
Containers: 10
Running: 0
Paused: 0
Stopped: 10
Images: 148
Server Version: 18.03.1-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 773c489c9c1b21a6d78b5c538cd395416ec50f88
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: 949e6fa
Security Options:
seccomp
Profile: default
Kernel Version: 4.9.87-linuxkit-aufs
Operating System: Docker for Windows
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.934GiB
Name: linuxkit-00155d00655c
ID: UMCT:Z232:JAVO:FGJ5:ORSV:CQIC:HX55:EIV7:GEBX:QFFZ:QPUM:PABK
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
File Descriptors: 19
Goroutines: 36
System Time: 2018-07-24T00:56:58.2456262Z
EventsListeners: 1
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
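
Comparing store counts (151 against an expected 152) only hints at whether the CA was picked up; looking the certificate up by thumbprint in each store answers it directly. The following is an added example, not code from the original report: the class name is hypothetical and the default file path is assumed from the Dockerfile's COPY destination.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;

// Added example (hypothetical class name); not code from the original report.
static class TrustStoreCheck
{
    // True when the store holds a certificate with this thumbprint.
    static bool StoreContains(StoreName name, StoreLocation location, string thumbprint)
    {
        using (var store = new X509Store(name, location))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false, so the match does not depend on chain validation.
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            return found.Count > 0;
        }
    }

    static int Main(string[] args)
    {
        // Assumption: default path is the COPY destination used in the report's Dockerfile.
        string path = args.Length > 0 ? args[0] : "/usr/share/ca-certificates/ca.crt";
        if (!File.Exists(path))
        {
            Console.Error.WriteLine($"CA file not found in this container: {path}");
            return 2;
        }

        using (var ca = new X509Certificate2(path))
        {
            Console.WriteLine($"Subject:     {ca.Subject}");
            Console.WriteLine($"Thumbprint:  {ca.Thumbprint}");
            // Subject equal to issuer is how a self-signed root presents itself.
            Console.WriteLine($"Self-issued: {ca.SubjectName.Name == ca.IssuerName.Name}");

            bool inRoot = StoreContains(StoreName.Root, StoreLocation.LocalMachine, ca.Thumbprint);
            bool inCa = StoreContains(StoreName.CertificateAuthority, StoreLocation.LocalMachine, ca.Thumbprint);
            Console.WriteLine($"LocalMachine\\Root:                 {(inRoot ? "present" : "missing")}");
            Console.WriteLine($"LocalMachine\\CertificateAuthority: {(inCa ? "present" : "missing")}");

            // Non-zero exit lets a container start-up or build step fail when the root is untrusted.
            return inRoot ? 0 : 1;
        }
    }
}
```

Run it inside a container started from the final image, since that is the environment the application's X509Store calls see.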