
I get a warning on https://locahost:7001 telling me Your connection is not private and giving the message net::ERR_CERT_AUTHORITY_INVALID. I want to avoid mounting a local directory. Instead, I decided to use secrets and services. Unfortunately, I still get the same error. The HTTP version works as it's supposed to.

First I obtain the certificate like this.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout cert.key -out cert.crt -subj "/CN=localhost"
openssl pkcs12 -export -out cert.pfx -inkey cert.key -in cert.crt -password pass:"HakunaMatata"

I distribute the cert.pfx files to the image in Dockerfile (verifying it's found and can be read).

FROM mcr.microsoft.com/dotnet/aspnet:8.0
...
ENV ASPNETCORE_HTTPS_PORTS="7001"
ENV ASPNETCORE_Kestrel__Certificates__Default__Path="./cert.pfx"
ENV ASPNETCORE_Kestrel__Certificates__Default__Password="HakunaMatata"
...
COPY cert.pfx .

Finally, I create a secret and add it to a service. (At this point, I'm unsure what I'm doing but I can confirm that a second container called servce.1.vr0tnalfk9ach5nd3dk6ls6lm is running next to the actual API I'm executing since before.)

docker swarm init
docker secret create cert .\cert.pfx
docker service create --name security --secret cert api

It's a bit worrisome that both containers are publishing the same ports but I can't determine if it's a problem, let alone if it's relevant.

f250073b7ae6 api "dotnet Api.dll" Up 11 minutes 0.0.0.0:5001->5001/tcp, 0.0.0.0:7001->7001/tcp MyCoolApi
c62102f9d22f api:latest "dotnet Api.dll" Up 16 minutes 5001/tcp, 7001/tcp security.1.vr0tnalfk9ach5nd3dk6ls6lm

I also import said certificate into my physical computer where the browser runs and verify its presence.

Import-Certificate -FilePath "cert.crt" -CertStoreLocation Cert:\LocalMachine\Root
Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -match "localhost" }

What am I confused about and how do I troubleshoot it further?
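
A fingerprint comparison for the setup in the question, as an added example that is not part of the original post: ERR_CERT_AUTHORITY_INVALID means the browser could not chain the presented certificate to a trusted root, so this checks whether the certificate served on the HTTPS port is the same one that was imported from cert.crt and packed into cert.pfx. The function names are hypothetical, and it assumes an openssl binary on the PATH of a POSIX shell (for example Git Bash or WSL).

```shell
#!/bin/sh
# Added troubleshooting example, not code from the original post.
# File names, password and port come from the post; function names are hypothetical.

# SHA-256 fingerprint of a PEM certificate file.
fp_pem() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# Fingerprint of the certificate stored inside a PKCS#12 bundle ($2 = password).
fp_pfx() {
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Fingerprint of the certificate a listener actually presents ($1 = host:port).
fp_served() {
    openssl s_client -connect "$1" -servername "${1%%:*}" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# True when the certificate lists DNS:<name> in its subjectAltName extension.
has_san() { openssl x509 -in "$1" -noout -text | grep -q "DNS:$2"; }

# True when both fingerprints are non-empty and identical.
same_fp() { [ -n "$1" ] && [ "$1" = "$2" ]; }

# usage: diagnose cert.crt cert.pfx password host:port
diagnose() {
    trusted=$(fp_pem "$1")
    bundled=$(fp_pfx "$2" "$3")
    served=$(fp_served "$4")
    echo "imported into root store: $trusted"
    echo "inside the .pfx:          $bundled"
    echo "presented on $4: $served"
    same_fp "$trusted" "$bundled" || echo "MISMATCH: the .pfx does not hold the imported certificate"
    same_fp "$trusted" "$served"  || echo "MISMATCH: the listener presents a different certificate"
    has_san "$1" localhost        || echo "NOTE: no subjectAltName entry for localhost"
}

# Example: sh check.sh cert.crt cert.pfx HakunaMatata localhost:7001
if [ "$#" -eq 4 ]; then diagnose "$@"; fi
```

Running the `openssl req` command again produces a new certificate with a new fingerprint, so an image or secret built from an earlier cert.pfx shows up here as a mismatch.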
