Support for PEM certificates when using ssl #785
Comments
The easiest is to use Please note that this is only supported for netcoreapp3.1 ; .NET 5.0 and higher. You can try preview version |
Thx for your fast response! Tried it, but somehow got this message:
Use it like this:
This is also more helpful
Seems like something is not working with Kestrel and PEM X509Certificate2. According to this post: https://stackoverflow.com/questions/67147703/get-the-server-mode-ssl-must-use-a-certificate-with-the-associated-private-key The pfx needs to be created in memory from the PEM file and then exported with a random key. Something to try out though. sigh Don't know if you want to include something like this, so I can try it out? (Copy-paste from Stack Overflow though.)
|
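The in-memory PFX round trip mentioned in the comment above, as an added example (not code from this thread, the linked post, or WireMock.Net). `PemCertificateLoader` and `LoadForServer` are hypothetical names, the sample certificate is generated inline, and .NET 6 or later is assumed.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PemCertificateLoader
{
    // Hypothetical helper: builds a certificate usable for server-side TLS
    // from PEM text (certificate + private key).
    public static X509Certificate2 LoadForServer(string certPem, string keyPem)
    {
        X509Certificate2 fromPem = X509Certificate2.CreateFromPem(certPem, keyPem);
        if (!fromPem.HasPrivateKey)
            throw new CryptographicException("PEM pair did not yield a private key.");

        // Outside Windows the PEM-loaded certificate can be used directly.
        if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
            return fromPem;

        // On Windows the key attached by CreateFromPem is ephemeral, and the
        // OS TLS stack (SChannel) cannot use it. Round-trip through an
        // in-memory PKCS#12 blob protected by a throwaway random password.
        using (fromPem)
        {
            string password = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));
            byte[] pfx = fromPem.Export(X509ContentType.Pkcs12, password);
            // The import places the key in a Windows key container, so the
            // process still needs access to a key store.
            try { return new X509Certificate2(pfx, password); }
            finally { CryptographicOperations.ZeroMemory(pfx); }
        }
    }

    public static void Main()
    {
        // Constructed sample input: a throwaway self-signed localhost certificate.
        using ECDsa key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        var request = new CertificateRequest("CN=localhost", key, HashAlgorithmName.SHA256);
        using X509Certificate2 selfSigned = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
        string certPem = new string(PemEncoding.Write("CERTIFICATE", selfSigned.RawData));
        string keyPem = new string(PemEncoding.Write("PRIVATE KEY", key.ExportPkcs8PrivateKey()));

        using X509Certificate2 serverCert = LoadForServer(certPem, keyPem);
        Console.WriteLine($"{serverCert.Subject} HasPrivateKey={serverCert.HasPrivateKey}");
    }
}
```

On .NET 9 and later the `X509Certificate2(byte[], string)` constructor is marked obsolete; `X509CertificateLoader.LoadPkcs12` is its replacement.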
Can you try |
Yes, same result:
Settings are used like this:
Other stack traces that could be useful
I did see you didn't do the "trick" with the line |
Code updated with: New preview will be available within a few minutes. |
blush What is the preview? Can't seem to find it on Actions? Will try it tomorrow :) |
@kriebb Also if you can send me test PEM = password (or tell me how to generate it), I can also test on my machine. |
Latest preview (1.5.3-ci-16357) should work fine. I based my example + logic on https://www.scottbrady91.com/c-sharp/pem-loading-in-dotnet-core-and-dotnet |
Sorry, the same behavior occurs.
However, interesting read that you mention. When I read at the end: So you can't pass an X509Certificate to Kestrel, because it fucks something up in Windows when opening an SslStream (as designed, it seems)
The CI pipeline at the company doesn't give any access to the system keyset. So the current solution that is built in (works fine on my machine though) However, when I read further on:
So just passing file paths to the KestrelEndPointOptions should be able to work. Are you in for a final try? After that, I give up. But that article that you mentioned really confirms what I was thinking: you don't need access to the store using PEM (or am I misreading it?). You asked how I was creating the PEM. Using the following: https://www.cryptool.org/en/cto/openssl
|
{
  "Kestrel": {
    "Endpoints": {
      "HttpsFromPem": {
        "Url": "https://localhost:5001",
        "Certificate": {
          "Path": "../cert.pem",
          "KeyPath": "../ecc.pem"
        }
      }
    }
  }
}
This is already supported by WireMock.Net, see https://github.com/WireMock-Net/WireMock.Net/wiki/KestrelServerOptions |
@kriebb RSA does also work when I follow https://www.scottbrady91.com/openssl/creating-rsa-keys-using-openssl See my PR for details. |
Seems to work 👍 What is also a good way of having a valid certificate (if you work with localhost) is using dotnet dev-certs https -v -ep $(HOME).aspnet\https --format pem |
OK, I'll merge the code to master and close this issue. |
Is your feature request related to a problem? Please describe.
When running dotnet test on a build server using system tests with WireMock SSL custom certificates, a pfx can be specified, but it gives problems when loading the pfx on a build server:
I can replay this on a build server by creating a test just running this code
However when using the PEM format, this works.
Describe the solution you'd like
In the CertificateLoader you have the code
You can modify the if statements to look at the extension.
if (filepath.EndsWith(".pem"))
    return X509.LoadFromPem(filepath, password);
where the password is the filepath to the key.
Another solution can be to use an
IX509Certificate2Factory
that you can supply using the services or add to the settings, and when that is available, use the factory... any suggestions?
Describe alternatives you've considered
Try to persuade the devops people to give access to the certification store
Google, and try to convert the pfx to other supported pfx formats like DER.
Is your feature request supported by WireMock (java version)? Please provide details.
PEM doesn't seem to be supported. Only jwks on wiremock.org
Additional context