'Asp.net core, "asn1 encoding routines:asn1_d2i_read_bio:not enough data" error for certificate

When running my asp.net core application locally in my Linux Docker container, the following error occurs:

Unhandled exception. Interop+Crypto+OpenSslCryptographicException: error:0D06B08E:asn1 encoding routines:asn1_d2i_read_bio:not enough data
   at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromBio(SafeBioHandle bio, SafePasswordHandle password)
   at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)

 

... when instanciating an X509Certificate2 object in my startup.cs:

        services.AddDefaultIdentity<ApplicationUser>(options => options.SignIn.RequireConfirmedAccount = true).AddEntityFrameworkStores<ApplicationDbContext>();
        var identityServerBuilder = services.AddIdentityServer().AddApiAuthorization<ApplicationUser, ApplicationDbContext>();      

        var certificate = new X509Certificate2(@"abc.pfx", "abc"); // This is where the exception is thrown.
        identityServerBuilder.AddSigningCredential(certificate);

I need this self-signed certificate to run IdentityServer4. When debugging in Visual Studio I have no problems and I can perfectly evaluate all of the pfx's properties.

I generated the pfx file on Linux as follows:

openssl genrsa -out rsa.private 1024
openssl req -new -key rsa.private > rsa.csr
openssl x509 -req -in rsa.csr -signkey rsa.private -out rsa.crt 
openssl pkcs12 -export -in rsa.crt  -inkey rsa.private -out abc.pfx

...and verifying its integrity:

openssl pkcs12 -nokeys -info -nocerts -in abc.pfx

... revealed no problems:

MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048

I also used the Microsoft Management Console to generate the pfx, but that results in the same error.

I'm mounting my pfx file executing this Docker run command:

docker run -d=false -p 8080:80 -v abc.pfx:/app/abc.pfx --name mijncont mijncont:dev

My appsettings.json :

"IdentityServer": {
    "Clients": {
      "TEST.Client": {
        "Profile": "IdentityServerSPA"
      }
    },
    "Key": {
      "Type": "Store",
      "StoreName": "My",
      "StoreLocation": "LocalMachine",
      "Name": "CN=mijnsubject"
    }

When running :

docker exec -it mijncont /bin/bash

... the following prompt appears :

root@3815c63cb5c4:/app#

When executing 'ls -la'

I get this :

drwxr-xr-x 2 root root 4096 Jul 13 16:04 abc.pfx

However when I include this line in my Startup.cs :

Console.WriteLine("Size: "+ new System.IO.FileInfo("abc.pfx").Length);

... .Net throws an exception saying that the file doesn't exist.

I included the directory containing the pfx file in Docker -> Settings -> Resources -> File sharing

Anyone?



Solution 1:[1]

The problem lied in the way I mounted my abc.pfx file.

This :

docker run -d=false -p 8080:80 -v abc.pfx:/app/abc.pfx --name mijncont mijncont:dev

...mounts a directory called abc.fpx in the container (holding the abc.pfx file)

If I specify an absolute path :

docker run -d=false -p 8080:80 -v C:\mysolution\abc.pfx:/app/abc.pfx --name mijncont 

...only the file is mounted to the 'app' directory which is what I want.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1