Blazor web assembly 3.1 -> 5.0: Identity Server issue – System.InvalidOperationException: There was an error loading the certificate

  .net-5, blazor-webassembly, docker, identityserver4

I’m trying to upgrade my Blazor WASM app to 5.0. It works fine in development, but when trying to publish to a Linux Docker container (to deploy to Digital Ocean) I am getting the following error on startup, where Identity Server starts:

Unhandled exception. System.InvalidOperationException: There was an error loading the certificate. Either the password is incorrect or the process does not have permisions to store the key in the Keyset 'EphemeralKeySet'
 ---> System.Security.Cryptography.CryptographicException: The certificate data cannot be read with the provided password, the password may be incorrect.
 ---> System.Security.Cryptography.CryptographicException: A certificate referenced a private key which was already referenced, or could not be loaded.
   at Internal.Cryptography.Pal.UnixPkcs12Reader.BuildCertsWithKeys(CertBagAsn[] certBags, AttributeAsn[][] certBagAttrs, CertAndKey[] certs, Int32 certBagIdx, SafeBagAsn[] keyBags, RentedSubjectPublicKeyInfo[] publicKeyInfos, AsymmetricAlgorithm[] keys, Int32 keyBagIdx)

Rolling everything back to pre-migration works fine and I am able to publish again.

I had to remove (opt => opt.PublicOrigin = "example.com/") from services.AddIdentityServer() in startup.cs if that’s a clue.

The .pfx cert is stored on the server and referenced in appsettings.json:

"IdentityServer": {
    "Key": {
      "Type": "File",
      "FilePath": "../cert/IdSrv.pfx",
      "Password": "myPassword" // Need to move this!
    },

I can’t think what’s changed; the password and file location are the same. Was there some breaking change that I have overlooked in this regard?

Source: Docker Questions
