'Asp.net core, "asn1 encoding routines:asn1_d2i_read_bio:not enough data" error for certificate
When running my asp.net core application locally in my Linux Docker container, the following error occurs:
Unhandled exception. Interop+Crypto+OpenSslCryptographicException: error:0D06B08E:asn1 encoding routines:asn1_d2i_read_bio:not enough data
at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromBio(SafeBioHandle bio, SafePasswordHandle password)
at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
... when instanciating an X509Certificate2 object in my startup.cs:
services.AddDefaultIdentity<ApplicationUser>(options => options.SignIn.RequireConfirmedAccount = true).AddEntityFrameworkStores<ApplicationDbContext>();
var identityServerBuilder = services.AddIdentityServer().AddApiAuthorization<ApplicationUser, ApplicationDbContext>();
var certificate = new X509Certificate2(@"abc.pfx", "abc"); // This is where the exception is thrown.
identityServerBuilder.AddSigningCredential(certificate);
I need this self-signed certificate to run IdentityServer4. When debugging in Visual Studio I have no problems and I can perfectly evaluate all of the pfx's properties.
I generated the pfx file on Linux as follows:
openssl genrsa -out rsa.private 1024
openssl req -new -key rsa.private > rsa.csr
openssl x509 -req -in rsa.csr -signkey rsa.private -out rsa.crt
openssl pkcs12 -export -in rsa.crt -inkey rsa.private -out abc.pfx
...and verifying its integrity:
openssl pkcs12 -nokeys -info -nocerts -in abc.pfx
... revealed no problems:
MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
I also used the Microsoft Management Console to generate the pfx, but that results in the same error.
I'm mounting my pfx file executing this Docker run command:
docker run -d=false -p 8080:80 -v abc.pfx:/app/abc.pfx --name mijncont mijncont:dev
My appsettings.json :
"IdentityServer": {
"Clients": {
"TEST.Client": {
"Profile": "IdentityServerSPA"
}
},
"Key": {
"Type": "Store",
"StoreName": "My",
"StoreLocation": "LocalMachine",
"Name": "CN=mijnsubject"
}
When running :
docker exec -it mijncont /bin/bash
... the following prompt appears :
root@3815c63cb5c4:/app#
When executing 'ls -la'
I get this :
drwxr-xr-x 2 root root 4096 Jul 13 16:04 abc.pfx
However when I include this line in my Startup.cs :
Console.WriteLine("Size: "+ new System.IO.FileInfo("abc.pfx").Length);
... .Net throws an exception saying that the file doesn't exist.
I included the directory containing the pfx file in Docker -> Settings -> Resources -> File sharing
Anyone?
Solution 1:[1]
The problem lied in the way I mounted my abc.pfx file.
This :
docker run -d=false -p 8080:80 -v abc.pfx:/app/abc.pfx --name mijncont mijncont:dev
...mounts a directory called abc.fpx in the container (holding the abc.pfx file)
If I specify an absolute path :
docker run -d=false -p 8080:80 -v C:\mysolution\abc.pfx:/app/abc.pfx --name mijncont
...only the file is mounted to the 'app' directory which is what I want.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 |