
OpenShift Series: SSL certificates and trust stores for dotnet core app on OpenShift

Jaydeep Ayachit
3 min read · May 27, 2023


Introduction

Imagine you are developing a dotnet core application to run in a container on OpenShift or Kubernetes. You need to call either an external web service or an internal web service that is secured with an SSL certificate.

If your dotnet core app does not trust the root CA that issued the certificate, the web service call from your app will fail with a "certificate not trusted" error or similar.

You can find multiple references on how to write code that loads a root CA certificate into the trust store for your dotnet core application. Keep in mind that trust stores work differently on Windows than they do in a Linux environment.

Let's look at an alternative, easier way to work with trust stores and SSL certificates for your containerized dotnet core app.

The approach relies on OpenSSL's out-of-the-box support for managing certificates. The OpenSSL libraries use environment variables to override the compiled-in default paths for various data. OpenSSL supports two environment variables for this purpose, SSL_CERT_DIR and SSL_CERT_FILE. As the names suggest, they specify the default directory or file containing CA certificates. You can read more about them at /docs/man3.0/man7/openssl-env.html
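One way to prepare the file that SSL_CERT_FILE points to, as an added example that is not code from the original article. The helper names, the mount path `/etc/extra-ca`, the RHEL/UBI bundle path `/etc/pki/tls/certs/ca-bundle.crt` and `MyApp.dll` are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper names and paths).
# Builds one PEM bundle for SSL_CERT_FILE from the image's default CA bundle
# plus extra CA files mounted into the pod.

# count_marker PATTERN FILE: number of lines in FILE matching PATTERN
count_marker() { grep -c -- "$1" "$2" || true; }

# count_certs FILE: number of PEM certificate blocks in FILE
count_certs() { count_marker '-----BEGIN CERTIFICATE-----' "$1"; }

# build_ca_bundle EXTRA_DIR SYSTEM_BUNDLE OUT_FILE
build_ca_bundle() {
    extra_dir=$1; system_bundle=$2; out=$3
    tmp="$out.tmp.$$"
    : > "$tmp" || return 1
    # SSL_CERT_FILE overrides the default file rather than adding to it,
    # so carry the image's public roots over into the new bundle.
    if [ -r "$system_bundle" ]; then
        cat "$system_bundle" >> "$tmp"; printf '\n' >> "$tmp"
    fi
    for f in "$extra_dir"/*.pem "$extra_dir"/*.crt; do
        [ -f "$f" ] || continue   # an unmatched glob stays literal
        # A trust store holds public certificates only: refuse key material.
        if grep -q -- 'PRIVATE KEY-----' "$f"; then
            echo "refusing $f: contains a private key" >&2
            rm -f "$tmp"; return 1
        fi
        # Framing check only; this does not parse the certificate itself.
        begins=$(count_marker '-----BEGIN CERTIFICATE-----' "$f")
        ends=$(count_marker '-----END CERTIFICATE-----' "$f")
        if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
            echo "refusing $f: not a well-framed PEM certificate" >&2
            rm -f "$tmp"; return 1
        fi
        cat "$f" >> "$tmp"; printf '\n' >> "$tmp"
    done
    mv "$tmp" "$out"   # replace in one step so readers never see a partial file
}

# Entrypoint use (paths and app name are assumptions):
#   build_ca_bundle /etc/extra-ca /etc/pki/tls/certs/ca-bundle.crt /tmp/ca-bundle.pem || exit 1
#   export SSL_CERT_FILE=/tmp/ca-bundle.pem
#   exec dotnet MyApp.dll
```

Failing closed on a malformed or key-bearing file keeps a bad ConfigMap or Secret mount from silently becoming the application's trust anchor set.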
