Loading certificate.pfx with password in linux doesn't work

Ваня К 101 Reputation points
2021-11-02T23:05:33.053+00:00

Hello I deploy my app on linux, but I found problem with loading certificate with password doesn't work when I start my app server side.

Exampale: 

 public static IHostBuilder CreateHostBuilder(string[] args) =>
            Host.CreateDefaultBuilder(args)
                .ConfigureWebHostDefaults(webBuilder =>
                {
                    var cert = new X509Certificate2("/etc/ssl/certs/certificate.pfx","******"); // doesn't work
                    webBuilder.UseStartup<Startup>();
                    webBuilder.ConfigureKestrel(serverOoptions =>
                    {
                          . . . .  . .  .
                    }
                 }

Unhandled exception. Interop+Crypto+OpenSslCryptographicException: error:2006D002:BIO routines:BIO_new_file:system lib
at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle)
at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
at GrpcService.Program.<>c.<CreateHostBuilder>b__4_0(IWebHostBuilder webBuilder) in D:\GrpcService\Program.cs:line 56
at Microsoft.Extensions.Hosting.GenericHostBuilderExtensions.<>c__DisplayClass0_0.<ConfigureWebHostDefaults>b__0(IWebHostBuilder webHostBuilder)
at Microsoft.Extensions.Hosting.GenericHostWebHostBuilderExtensions.ConfigureWebHost(IHostBuilder builder, Action1 configure, Action1 configureWebHostBuilder)
at Microsoft.Extensions.Hosting.GenericHostWebHostBuilderExtensions.ConfigureWebHost(IHostBuilder builder, Action1 configure) at Microsoft.Extensions.Hosting.GenericHostBuilderExtensions.ConfigureWebHostDefaults(IHostBuilder builder, Action1 configure)
at GrpcService.Program.CreateHostBuilder(String[] args) in D:\GrpcService\Program.cs:line 53
at GrpcService.Program.Main(String[] args) in D:\GrpcService\Program.cs:line 29
Aborted

And if load certificate without password app good working.
What happened?
Any tips, thank's!

.NET
.NET
Microsoft Technologies based on the .NET software framework.
3,363 questions
C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
10,229 questions
0 comments
Accepted answer
  1. Ваня К 101 Reputation points
    2021-11-03T20:18:03.887+00:00

    Yes it's true, this exception about permission to certificate, I set sudo chmod 755 /etc/ssl/cert/your certificate and this solved for me. Thank's

    1 person found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Lex Li (Microsoft) 4,662 Reputation points Microsoft Employee
    2021-11-03T01:11:27.287+00:00

    It has been discussed a while ago,

    https://github.com/dotnet/runtime/issues/24051

    Literally that error message means access denied, and your app couldn't access the file at that location.

    0 comments