Not Able to Trust the Certificate in the Azure Linux Container App #112485

Closed
yogesh789 opened this issue Feb 12, 2025 · 5 comments
Labels: area-System.Security, needs-author-action, no-recent-activity, question

Comments

@yogesh789

Description

Hi Team,

Hope you are doing well.

I'm not able to trust the certificate to connect with the Vault HashiCorp in the Azure Linux Container App and am getting the error below. The same code statement is working fine in the Windows environment.

Image

Reproduction Steps

I tried to trust the certificate in the Azure Linux container using the approaches below, but it's failing in both cases.

In the publicServiceCertificate I'm using the string from the cert.txt file.

Cert.txt

Approach-1:

byte[] certBytes = Encoding.UTF8.GetBytes(publicServiceCertificate);
X509Certificate2 cert = new(certBytes);

using (X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser, OpenFlags.ReadWrite))
{
    store.Add(cert);
    store.Close();
}

Approach-2:

byte[] data = Convert.FromBase64String(publicServiceCertificate);
string certString = Encoding.UTF8.GetString(data);
X509Certificate2 cert = X509Certificate2.CreateFromPem(certString);

using (X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser, OpenFlags.ReadWrite))
{
    store.Add(cert);
    store.Close();
}

Expected behavior

After executing the above code statement, it should upload the certificate in the Azure environment and should trust the application to establish the connection with Vault HashiCorp.

Actual behavior

When I tried executing the code (mentioned in the Reproduction Steps), it returned the error below.

Image

Regression?

No response

Known Workarounds

No response

Configuration

No response

Other information

No response

@dotnet-policy-service dotnet-policy-service bot added the untriaged New issue has not been triaged by the area owner label Feb 12, 2025
Contributor

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

@vcsjones
Member

Your certificate is just a base64 encoded DER. Loading it should look something like this:

byte[] certBytes = Convert.FromBase64String(publicServiceCertificate);
X509Certificate2 cert = new(certBytes);

using (X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser, OpenFlags.ReadWrite)) {
    store.Add(cert);
    store.Close();
}
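
An added example, not part of the original thread and not the project's own code: it loads the same certificate from bare base64 DER (the shape described in the reply above) and from PEM, then compares a SHA-256 fingerprint before any trust decision. The helper `LoadPublicCertificate`, the throwaway self-signed certificate and the pin check are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Constructed sample input: a throwaway self-signed certificate, so this runs offline.
using RSA key = RSA.Create(2048);
var request = new CertificateRequest("CN=constructed-example", key,
    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
using X509Certificate2 sample = request.CreateSelfSigned(
    DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));

byte[] der = sample.RawData;
string bareBase64 = Convert.ToBase64String(der);   // base64 text with no PEM armor
string pem = "-----BEGIN CERTIFICATE-----\n"
    + Convert.ToBase64String(der, Base64FormattingOptions.InsertLineBreaks)
    + "\n-----END CERTIFICATE-----\n";

// Assumption: in a real deployment the pin is obtained out of band.
// Here it is computed from the constructed sample.
string expectedSha256 = Convert.ToHexString(SHA256.HashData(der));

foreach (string text in new[] { bareBase64, pem })
{
    using X509Certificate2 cert = LoadPublicCertificate(text);
    bool pinned = string.Equals(cert.GetCertHashString(HashAlgorithmName.SHA256),
        expectedSha256, StringComparison.OrdinalIgnoreCase);
    Console.WriteLine($"{cert.Subject} expires {cert.NotAfter:u} pinMatch={pinned}");
    // Only when pinned is true would the store.Add(cert) call from the thread follow.
}

// Hypothetical helper: choose the decoder from the shape of the text.
static X509Certificate2 LoadPublicCertificate(string text)
{
    text = text.Trim();
    if (text.StartsWith("-----BEGIN CERTIFICATE-----", StringComparison.Ordinal))
    {
        // PEM: armor lines around base64-encoded DER.
        return X509Certificate2.CreateFromPem(text);
    }
    // Bare base64 DER: decode the text to bytes first. Encoding.UTF8.GetBytes would
    // hand the loader the base64 characters themselves, not the DER they encode.
    byte[] raw = Convert.FromBase64String(text);   // FormatException if not base64
    // On .NET 9+ this constructor is marked obsolete in favour of
    // X509CertificateLoader.LoadCertificate(raw).
    return new X509Certificate2(raw);
}
```

Both inputs print the same subject with `pinMatch=True`; a string that is neither PEM nor base64 fails with a `FormatException` instead of reaching the trust store.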

@vcsjones vcsjones added question Answer questions and provide assistance, not an issue with source code or documentation. and removed untriaged New issue has not been triaged by the area owner labels Feb 12, 2025
@vcsjones vcsjones added this to the Future milestone Feb 12, 2025
@bartonjs bartonjs added the needs-author-action An issue or pull request that requires more info or actions from the author. label Feb 14, 2025
Contributor

This issue has been marked needs-author-action and may be missing some important information.

Contributor

This issue has been automatically marked no-recent-activity because it has not had any activity for 14 days. It will be closed if no further activity occurs within 14 more days. Any new comment (by anyone, not necessarily the author) will remove no-recent-activity.

Contributor

This issue will now be closed since it had been marked no-recent-activity but received no further activity in the past 14 days. It is still possible to reopen or comment on the issue, but please note that the issue will be locked if it remains inactive for another 30 days.

@dotnet-policy-service dotnet-policy-service bot removed this from the Future milestone Mar 15, 2025