[How To] Migrate dotnet core project signing certificate to Linux Workstation

Continuing the discussion from How can I install certificates:

The part below is an excerpt from the original topic (credit: @ZeR0ByTe).

dotnet certificate store

My project has a .pfx file with a password.

The first thing I had to research was where dotnet saves the files.

This dotnet storage location is:

~/.dotnet/corefx/cryptography/x509stores/

Attach the certificate

Reading this link (that I posted before), I saw this code:

using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser, OpenFlags.ReadWrite))
{
    store.Add(new X509Certificate2(
        "./thePathToTheCert.pfx", "passwordOfTheCert", 
        X509KeyStorageFlags.PersistKeySet));
}

And finally, with this, I understood that the certificates are stored in ~/.dotnet/corefx/cryptography/x509stores/, and the filename is changed to the thumbprint of the .pfx.

I created a bash function that does this process:

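importcert() {
    cert_path="$1"
    cert_password="$2"
    store_dir="$HOME/.dotnet/corefx/cryptography/x509stores/my"

    # dotnet names store entries after the certificate's SHA-1 thumbprint
    thumbprint=$(openssl pkcs12 -in "$cert_path" -passin "pass:$cert_password" -nokeys -nomacver -clcerts | openssl x509 -noout -fingerprint -sha1 | cut -d'=' -f2 | tr -d ':')

    # Stop if the thumbprint could not be read (wrong password, bad file)
    [ -n "$thumbprint" ] || { echo "Could not read a certificate from $cert_path" >&2; return 1; }

    # -nodes writes the private key unencrypted, so create the directory and file readable by the current user only
    (umask 077; mkdir -p "$store_dir"; openssl pkcs12 -in "$cert_path" -passin "pass:$cert_password" -nodes -out "$store_dir/$thumbprint.pfx")

    echo "Certificate stored in $store_dir with the thumbprint: $thumbprint"
}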

With this I could solve the first problem.

Browser certificate

After that I had another problem because I needed another certificate for the browser. I don’t remember this step exactly, but I downloaded the certificate from Chrome and stored it in /etc/ssl/certs/, and my website was running perfectly.

I tested this by removing the certificates and running the functions and everything again, and yes, following these steps everything worked.

At my work everyone uses Windows, so I added an if that chooses, based on the platform, where to take the certificate from:

var locations = Environment.OSVersion.Platform == PlatformID.Unix
    ? new[] { StoreLocation.CurrentUser }
    : new[] { StoreLocation.LocalMachine, StoreLocation.CurrentUser };

foreach (var location in locations)
{
    using (var store = new X509Store(storeName, location))
    {
        store.Open(OpenFlags.IncludeArchived);

        var cert = store.Certificates
            .OfType<X509Certificate2>()
            .FirstOrDefault(c => string.Equals(c.Thumbprint, thumbprint, StringComparison.CurrentCultureIgnoreCase));

        if (cert != null)
        {
            return cert;
        }
    }
}

On Linux there is only one place:

{ StoreLocation.CurrentUser }

but on Windows the places are:

{ StoreLocation.LocalMachine, StoreLocation.CurrentUser }
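An added example, not part of the original post: because the import function above uses `-nodes`, the private key lands in the store unencrypted, so this check flags store entries with loose permissions, entries containing a plain PEM private key, and files that do not follow the thumbprint naming the post describes. The function name `audit_dotnet_store` and the finding labels are made up for this example; it assumes GNU find.

```shell
# Added example: audit the per-user dotnet certificate store from the post.
# audit_dotnet_store is a hypothetical name; the default path is the one the post gives.
audit_dotnet_store() {
    store_root="${1:-$HOME/.dotnet/corefx/cryptography/x509stores}"
    if [ ! -d "$store_root" ]; then
        echo "no store directory at $store_root" >&2
        return 2
    fi

    report=$(
        # Directories or files with any group or other permission bit set.
        # The /077 form is GNU find syntax.
        find "$store_root" \( -type f -o -type d \) -perm /077 | sed 's/^/PERMS /'

        # Entries holding an unencrypted PEM private key, which is what
        # openssl pkcs12 -nodes writes. ENCRYPTED PRIVATE KEY is not matched.
        find "$store_root" -type f -exec grep -El -- \
            '-----BEGIN (RSA |EC )?PRIVATE KEY-----' {} + | sed 's/^/PLAINKEY /'

        # Assumption taken from the post: entries are named thumbprint.pfx,
        # and a SHA-1 thumbprint is 40 hex characters.
        find "$store_root" -type f | grep -Ev '/[0-9A-Fa-f]{40}\.pfx$' | sed 's/^/NAME /'
    )

    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}
```

Called with no argument it audits the path from the post; it returns 0 when clean, 1 with one line per finding, and 2 when the store directory does not exist.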

Happy that my research will help others! :slight_smile:
