To leverage self-signed certificates in Docker you need to pass them somehow. There are multiple ways to do this:
- via COPY command during image build (considered as a bad practice, since you can't launch the same image in multiple environments now (dev/stag/prod, etc.)
- create a certificate in the hosting environment and share them with the container via shared volumes
- keep certificates in some external vault like Azure KeyVault for instance.
Let's spread some light on the second approach:
docker run --rm -it -p 8000:80 -p 8001:443 -e ASPNETCORE_URLS="https://+;http://+" -e ASPNETCORE_HTTPS_PORT=443 -e ASPNETCORE_Kestrel__Certificates__Default__Password="test" -e ASPNETCORE_Kestrel__Certificates__Default__Path=/local-cert-storage/aspnetapp.pfx -v %USERPROFILE%\.aspnet\https:/local-cert-storage/ mygrpc
The certificate created in the previous post now is shared with the docker container via: -v %USERPROFILE%\.aspnet\https:/https/
Not we need to override the default certificate location via the environment variable:
-e ASPNETCORE_Kestrel__Certificates__Default__Path=/local-cert-storage/aspnetapp.pfx
Note: When you try to use *.pfx certificates without passwords or *.cer certificates without private keys, you will get the following error: System.NotSupportedException: The server mode SSL must use a certificate with the associated private key.