Installing a custom CA certificate in a Docker container does not work

  .net-core, c#, certificate, docker

I’m trying to install a .crt file into a Linux Docker container right now. I’m trying this with the VS2019-generated Dockerfile on a .NET Core project.

Here’s the Dockerfile:

FROM AS base

ENV MooMed_Cache_BaseTtlInSeconds=3600

COPY "Certs/moomed.crt" /usr/local/share/ca-certificates/moomed.crt

FROM AS build
COPY ... (I omitted some lines here to save space)
RUN dotnet restore "Services/MooMed/MooMed.Web.csproj"
COPY . .
WORKDIR "/src/Services/MooMed"
RUN dotnet build "MooMed.Web.csproj" -c Release -o /app/build

FROM build AS publish 
RUN dotnet publish "MooMed.Web.csproj" -c Release -o /app/publish

FROM base AS final
RUN chmod 644 /usr/local/share/ca-certificates/moomed.crt
RUN update-ca-certificates
RUN awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "MooMed.Web.dll"]

However, the moomed.crt certificate is not properly registered, as I can’t read it when running my application and trying to access the store with:

var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
var certs = store.Certificates;

certs does not contain the certificate in question, and the RUN awk.. command also does not list it.

I already went into the container, checked for the file's existence and ran update-ca-certificates manually. No luck.

Where am I going wrong?

EDIT: I regenerated a certificate with openssl this time, and now I at least find my certificate in the list which RUN awk … puts out. However, I still can’t access it through the X509Store code.

Source: StackOverflow
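
A build-time check for the situation described in the question, as an added example that is not part of the original post: it confirms the .crt file contains a PEM block and that its body appears in the bundle the Dockerfile inspects with awk. The function names, the script name `check-ca.sh` and the sample files are assumptions; the base64 bodies in the samples are constructed placeholders, not real certificates.

```sh
#!/bin/sh
# Added example, not from the original post. Usage inside the image:
#   sh check-ca.sh /usr/local/share/ca-certificates/moomed.crt /etc/ssl/certs/ca-certificates.crt

# Print the base64 body of the first PEM certificate in file $1 as one line.
pem_body() {
    LC_ALL=C awk '/-----BEGIN CERTIFICATE-----/ { on = 1; next }
                  /-----END CERTIFICATE-----/   { exit }
                  on { gsub(/[ \t\r]/, ""); printf "%s", $0 }' "$1"
}

# Return 0 if the certificate in $1 is in bundle $2, 1 if $1 holds no PEM
# block (for example a DER file), 2 if it is PEM but absent from the bundle.
ca_bundle_check() {
    cert=$1 bundle=$2
    body=$(pem_body "$cert")
    if [ -z "$body" ]; then
        echo "$cert: no PEM certificate block found" >&2
        return 1
    fi
    # Flatten the bundle so differences in line wrapping do not matter.
    if LC_ALL=C tr -d ' \t\r\n' < "$bundle" | grep -qF -- "$body"; then
        echo "$cert: present in $bundle"
        return 0
    fi
    echo "$cert: PEM, but not present in $bundle" >&2
    return 2
}

# Write constructed sample files into directory $1. The base64 bodies are
# placeholders for the demonstration, not real certificates.
make_samples() {
    b='-----BEGIN CERTIFICATE-----' e='-----END CERTIFICATE-----'
    printf '%s\n' "$b" 'QUFBQUFBQUFBQUFB' 'QkJCQkJCQkI=' "$e" > "$1/moomed.crt"
    printf '%s\n' "$b" 'Q0NDQ0NDQ0M=' "$e" > "$1/bundle-without.crt"
    printf '%s\n' "$b" 'Q0NDQ0NDQ0M=' "$e" \
                  "$b" 'QUFBQUFBQUFBQUFBQkJCQkJCQkI=' "$e" > "$1/bundle-with.crt"
    printf '\060\202\003\127' > "$1/der.crt"   # binary, no PEM armour
}

# Run the check when called with a certificate path and a bundle path.
if [ "$#" -eq 2 ]; then
    ca_bundle_check "$1" "$2"
fi
```

Run as a RUN step after update-ca-certificates, a non-zero exit stops the image build when the certificate is missing. It checks the OS bundle only and says nothing about what X509Store returns.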