Continuing the discussion from How can I install certificates:
The part below is an excerpt from the original topic - credit @ZeR0ByTe
dotnet certificate store
My project has a .pfx file with a password.
The first thing I had to research was where dotnet saves the files.
This dotnet storage location is:
~/.dotnet/corefx/cryptography/x509stores/
Attach the certificate
Reading this link (that I posted before), I saw this code:
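    using System.Security.Cryptography.X509Certificates;

    // Open the current user's personal ("My") store for writing and add the .pfx.
    using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser, OpenFlags.ReadWrite))
    {
        store.Add(new X509Certificate2(
            "./thePathToTheCert.pfx", "passwordOfTheCert",
            X509KeyStorageFlags.PersistKeySet));
    }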
And finally, with this, I understood that the certificates are stored in ~/.dotnet/corefx/cryptography/x509stores/, and the filename is changed to the thumbprint of the .pfx.
I created bash code that does this process:
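    importcert() {
        local cert_path="$1"
        local cert_password="$2"
        local store_dir="$HOME/.dotnet/corefx/cryptography/x509stores/my"
        local thumbprint
        # The .NET thumbprint is the SHA-1 fingerprint of the certificate, without colons.
        thumbprint=$(openssl pkcs12 -in "$cert_path" -passin "pass:$cert_password" -nokeys -nomacver -clcerts | openssl x509 -noout -fingerprint -sha1 | cut -d'=' -f2 | tr -d ':')
        # -nodes writes the private key unencrypted, so keep the file owner-only.
        openssl pkcs12 -in "$cert_path" -passin "pass:$cert_password" -nodes -out "$store_dir/$thumbprint.pfx"
        chmod 600 "$store_dir/$thumbprint.pfx"
        echo "Certificate stored in $store_dir with the thumbprint: $thumbprint"
    }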
With this I could solve the first problem.
Browser certificate
After that I had another problem because I needed another certificate for the browser. I don't remember this step exactly, but I downloaded the certificate from Chrome and stored it in /etc/ssl/certs/ and my website was running perfectly.
I tested this by removing the certificates, running the functions and everything, and yes, following these steps everything worked.
At my work, everyone uses Windows, so I added an if to choose the platform to take the certificate from:
    // Fragment of a lookup method: storeName and thumbprint come from the enclosing method.
    var locations = Environment.OSVersion.Platform == PlatformID.Unix
        ? new[] { StoreLocation.CurrentUser }
        : new[] { StoreLocation.LocalMachine, StoreLocation.CurrentUser };
    foreach (var location in locations)
    {
        using (var store = new X509Store(storeName, location))
        {
            store.Open(OpenFlags.IncludeArchived);
            // Thumbprints are hex strings, so compare them ordinally, ignoring case.
            var cert = store.Certificates
                .OfType<X509Certificate2>()
                .FirstOrDefault(c => string.Equals(c.Thumbprint, thumbprint, StringComparison.OrdinalIgnoreCase));
            if (cert != null)
            {
                return cert;
            }
        }
    }
On Linux there is only one place:
    { StoreLocation.CurrentUser }
but on Windows the places are:
    { StoreLocation.LocalMachine, StoreLocation.CurrentUser }
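
A check for the store directory described above, as an added example that is not part of the original post: importcert writes each entry with `openssl pkcs12 ... -nodes`, which emits PEM with the private key unencrypted, so this audit flags entries whose file name does not match the certificate's SHA-1 thumbprint and entries whose plaintext key is readable by group or others. The function names and finding labels are made up for this example, and it assumes Linux coreutils.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes Linux coreutils
# (base64, sha1sum) and store entries written as PEM, as importcert does.

# SHA-1 over the DER bytes of the first certificate in a PEM file, upper-case
# hex: the value `openssl x509 -noout -fingerprint -sha1` prints, minus colons.
pem_thumbprint() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" \
        | sed '/-----END CERTIFICATE-----/q' \
        | grep -v -e '-----' | tr -d '\r' \
        | base64 -d | sha1sum | cut -d' ' -f1 | tr 'a-f' 'A-F'
}

# Usage: audit_store ~/.dotnet/corefx/cryptography/x509stores/my
# Prints one finding per problem; returns 0 only when nothing was found.
audit_store() {
    dir="$1"
    findings=0
    for f in "$dir"/*.pfx; do
        [ -f "$f" ] || continue
        # Binary PKCS#12 entries are skipped; only PEM entries are parsed here.
        grep -q -e '-----BEGIN CERTIFICATE-----' "$f" || continue
        name=$(basename "$f" .pfx | tr 'a-f' 'A-F')
        if [ "$(pem_thumbprint "$f")" != "$name" ]; then
            echo "NAME_MISMATCH $f"
            findings=$((findings + 1))
        fi
        # Characters 5-10 of `ls -l` are the group and other permission bits.
        perms=$(ls -ld "$f" | cut -c5-10)
        if grep -Eq -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$f" \
            && [ "$perms" != "------" ]; then
            echo "EXPOSED_KEY $f"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```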