Asp.Net-Core Application in docker over https

After trying around a bunch more, I ended up re-doing the whole certification process again. Only this time, I went with openssl all the way.

I'll briefly outline my steps for anyone facing the same problem:

I followed this post to the letter.

This way I've set up a CA certificate that I can trust in both Windows and Linux (Docker) environments, called cacert.crt. I've then created a certificate signing request as outlined in the linked answer, used the CA certificate to sign it and obtain a valid SSL certificate, called servercert.pfx. The guide only specified .pem files, but converting between the formats using the openssl CLI tool is really easy.

I've then checked both into my source control and edited my Dockerfile and compose file.

I then installed the cacert.crt into my local machine's cert store under the trusted root authorities category.

In the Dockerfile I put the following right before the ENTRYPOINT:

COPY ["servercert.pfx", "/https/servercert.pfx"]
COPY ["cacert.crt", "/usr/local/share/ca-certificates/cacert.crt"]
RUN update-ca-certificates

In the docker-compose.yml I put the following under environment:

 - ASPNETCORE_URLS=https://0.0.0.0:5000
 - ASPNETCORE_HTTPS_PORT=5000
 - ASPNETCORE_Kestrel__Certificates__Default__Password={YourPw}
 - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/servercert.pfx

The actual port number as well as the value for the password have to be adapted as needed, obviously.

This solved all my problems. All browsers are now happily navigating with no SSL errors to https://localhost:5000 which is serving from within docker. I can also connect to the docker container and run $ curl https://localhost:5000 and $ curl https://dockerDnsName:5000 with no problem. This also fixed all problems with HttpClient.


Some additional info to Jejuni's answer.

Converted .pem file into .pfx with

sudo openssl pkcs12 -export -out servercert.pfx -inkey serverkey.pem -in servercert.pem

Also had to edit its availability

sudo chmod +r servercert.pfx

On Arch Linux, I added the cacert to trusted sources

sudo trust anchor --store cacert.pem

Finally, after several misguided guides across the internet, HTTPS on localhost is working like it should.
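
The certificate steps the two answers describe (create a CA, sign a server certificate, convert it to .pfx), written out as an added example that is not part of either answer and not the commands from the linked post. The function names, cakey.pem, server.csr, openssl.cnf, the subject names, key size, validity period and the SAN list are assumptions; cacert.crt, serverkey.pem, servercert.pem and servercert.pfx are the names used above.

```shell
#!/bin/sh
# Added example: subject names, key size, validity and SAN entries are assumptions.
# usage: sh make-dev-certs.sh OUT_DIR DOCKER_DNS_NAME PFX_PASSWORD
make_dev_certs() {
  out=$1; dns_name=$2; pfx_pass=$3
  mkdir -p "$out" || return 1
  cnf="$out/openssl.cnf"
  cat > "$cnf" <<EOF || return 1
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:localhost,DNS:$dns_name,IP:127.0.0.1
EOF
  # 1. Self-signed CA; cacert.crt is the file the trust stores import.
  openssl req -x509 -config "$cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
    -sha256 -days 365 -subj "/CN=Local Dev CA" \
    -keyout "$out/cakey.pem" -out "$out/cacert.crt" &&
  # 2. Server key and certificate signing request.
  openssl req -new -config "$cnf" -newkey rsa:2048 -nodes -subj "/CN=localhost" \
    -keyout "$out/serverkey.pem" -out "$out/server.csr" &&
  # 3. The CA signs the request; host names go in subjectAltName via -extfile.
  openssl x509 -req -in "$out/server.csr" -CA "$out/cacert.crt" \
    -CAkey "$out/cakey.pem" -CAcreateserial -sha256 -days 365 \
    -extfile "$cnf" -extensions v3_server -out "$out/servercert.pem" &&
  # 4. PEM to PFX for Kestrel; env: keeps the password out of the process list.
  PFX_PASSWORD=$pfx_pass openssl pkcs12 -export -out "$out/servercert.pfx" \
    -inkey "$out/serverkey.pem" -in "$out/servercert.pem" -passout env:PFX_PASSWORD
}

# Checks the chain, the localhost SAN, and that the PFX opens with the password.
check_dev_certs() {
  out=$1
  openssl verify -CAfile "$out/cacert.crt" "$out/servercert.pem" >/dev/null &&
  openssl x509 -in "$out/servercert.pem" -noout -text | grep -q "DNS:localhost" &&
  PFX_PASSWORD=$2 openssl pkcs12 -in "$out/servercert.pfx" -noout \
    -passin env:PFX_PASSWORD 2>/dev/null
}

# Runs only when all three arguments are given on the command line.
if [ "$#" -ge 3 ]; then make_dev_certs "$1" "$2" "$3" && check_dev_certs "$1" "$3"; fi
```

Only cacert.crt and servercert.pfx are used by the Dockerfile lines above; cakey.pem is needed again only to sign further certificates and does not have to leave the machine that ran the script.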