
Certificate null error on local azure service fabric

I am trying to run an Azure Service Fabric application on my local machine. All services are running except one, which throws a "certificate cannot be null" exception. Below is the code snippet used to get the certificate.

I have installed the certificate on my local machine for both local machine and current user.


```csharp
using System;
using System.Security.Cryptography.X509Certificates;

/// <summary>
/// Finds the ASP .NET Core HTTPS development certificate in development environment. Update this method to use the appropriate certificate for production environment.
/// </summary>
/// <returns>Returns the ASP .NET Core HTTPS development certificate</returns>
private static X509Certificate2 GetCertificateFromStore()
{
    string aspNetCoreEnvironment = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT");
    if (string.Equals(aspNetCoreEnvironment, "Development", StringComparison.OrdinalIgnoreCase))
    {
        const string aspNetHttpsOid = "1.3.6.1.4.1.311.84.1.1";
        const string CNName = "CN=localhost";
        // Only the LocalMachine\My store is searched; validOnly is true on both Find calls.
        using (X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            var certCollection = store.Certificates;
            var currentCerts = certCollection.Find(X509FindType.FindByExtension, aspNetHttpsOid, true);
            currentCerts = currentCerts.Find(X509FindType.FindByIssuerDistinguishedName, CNName, true);
            // Returns null when no certificate survives both filters.
            return currentCerts.Count == 0 ? null : currentCerts[0];
        }
    }
    else
    {
        throw new NotImplementedException("GetCertificateFromStore should be updated to retrieve the certificate for non Development environment");
    }
}
```

You should try to copy the cert files to a location where the Service Fabric service account can pick them up on startup, and either read them directly, or write them to **new X509Store(StoreName.My, StoreLocation.CurrentUser)** for subsequent use.

Check this doc for further reference:

https://github.com/dotnet/corefx/blob/master/Documentation/architecture/cross-platform-cryptography.md#x509store

and please ensure you are not following one of the mentioned scenarios.

You can use a SetupEntryPoint that runs as a user with **AccountType="LocalSystem"** to run the SetupEntryPoint.

Alternatively, you can use Azure Key Vault to store the certificate and then read it from there. You can find sample code here:

https://docs.microsoft.com/en-us/azure/service-fabric/how-to-managed-identity-service-fabric-app-code#accessing-key-vault-from-a-service-fabric-application-using-managed-identity

Hope it helps.
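
The following diagnostic is an added example, not code from the question or the answer. Run under the same account as the failing service, it reports for both the `LocalMachine` and `CurrentUser` stores which of the question's filters (extension OID, issuer, `validOnly`) eliminates the certificate and whether the private key is readable. The class name `DevCertProbe` is hypothetical; the OID and issuer values are the ones from the question.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added diagnostic (not from the original post): shows which filter used by
// GetCertificateFromStore() drops the certificate for the current account.
public static class DevCertProbe
{
    const string AspNetHttpsOid = "1.3.6.1.4.1.311.84.1.1"; // from the question
    const string IssuerDn = "CN=localhost";                 // from the question

    public static void Main()
    {
        Console.WriteLine($"Running as: {Environment.UserDomainName}\\{Environment.UserName}");
        foreach (var location in new[] { StoreLocation.LocalMachine, StoreLocation.CurrentUser })
        {
            using (var store = new X509Store(StoreName.My, location))
            {
                store.Open(OpenFlags.ReadOnly);
                Report(location, store.Certificates);
            }
        }
    }

    static void Report(StoreLocation location, X509Certificate2Collection all)
    {
        // validOnly: false lists certificates that validOnly: true would filter out.
        var byOid = all.Find(X509FindType.FindByExtension, AspNetHttpsOid, false);
        var byIssuer = byOid.Find(X509FindType.FindByIssuerDistinguishedName, IssuerDn, false);
        // Same issuer lookup as the question's code, with validOnly: true.
        var valid = byOid.Find(X509FindType.FindByIssuerDistinguishedName, IssuerDn, true);

        Console.WriteLine($"{location}\\My: total={all.Count}, withOid={byOid.Count}, " +
                          $"issuerMatch={byIssuer.Count}, passValidOnly={valid.Count}");
        foreach (X509Certificate2 cert in byIssuer)
        {
            bool keyReadable;
            // Opening the key fails if this account lacks access to the key container.
            try { using (var key = cert.GetRSAPrivateKey()) keyReadable = key != null; }
            catch (CryptographicException) { keyReadable = false; }
            Console.WriteLine($"  {cert.Thumbprint} notAfter={cert.NotAfter:u} " +
                              $"hasPrivateKey={cert.HasPrivateKey} keyReadable={keyReadable} " +
                              $"chainValid={cert.Verify()}");
        }
    }
}
```

If `issuerMatch` is non-zero but `passValidOnly` is zero, the certificate is present but fails validation for that account; if every count is zero, the certificate is not in the store that account sees.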
