
Cert error connecting to AWS DocumentDB from Docker C# app

My .NET Core app works and connects fine from my host machine.

Once built and run from a docker container it fails with error System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

The mongo connection string used is mongodb://user@xxxx.amazonaws.com/?ssl=true&ssl_ca_certs=rds-combined-ca-bundle.pem&replicaSet=rs0&readPreference=secondaryPreferred&retryWrites=false&connectTimeoutMS=3000

I've verified the cert file is in the directory with the rest of my binaries when the app is run, using RUN wget https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem -P /app

I've also tried to install the cert using the dotnet-certificate-tool within the container.

Update: I was able to get the p7b version of the cert to work but it had to be loaded via code. It could not be loaded from the OS cert store.

Same issue using .NET 6 web API deployed to Docker (Debian GNU/Linux 11) with error message:

A timeout occurred after 30000ms selecting a server ... Driver.MongoConnectionException: An exception occurred while opening a connection to the server.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: PartialChain
...

And solved by adding some lines to the Dockerfile:

FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS base

# add the AWS RDS CA bundle to the image (fetched over HTTPS at build time)
ADD https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem /tmp/rds-ca/aws-rds-ca-bundle.pem
# split the bundle into individual certs (files cert, cert1, cert2, ...),
# move each one into the system trust store as its own .crt file, then
# rebuild /etc/ssl/certs with update-ca-certificates
# see http://blog.swwomm.com/2015/02/importing-new-rds-ca-certificate-into.html
RUN cd /tmp/rds-ca \
    && awk 'split_after==1{n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} {print > ("cert" n)}' aws-rds-ca-bundle.pem \
    && for CERT in /tmp/rds-ca/cert*; do mv "$CERT" "/usr/local/share/ca-certificates/aws-rds-ca-$(basename "$CERT").crt"; done \
    && rm -rf /tmp/rds-ca \
    && update-ca-certificates

WORKDIR /app
EXPOSE 80
EXPOSE 443
...
...
...
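As an added example (not code from the answer above), the bundle-splitting step written as a standalone POSIX shell function that can be exercised outside Docker: each BEGIN/END block goes to its own numbered .crt file, lines between certificates (comments, blank lines) are dropped, and the number of certificates found is printed so the result can be checked before the files are moved into /usr/local/share/ca-certificates. The function names, the output naming scheme and the two-block placeholder bundle are assumptions constructed for the example; the real input is the rds-combined-ca-bundle.pem fetched in the Dockerfile.

```shell
#!/bin/sh
# Added example (not from the original answer): split a PEM bundle into
# one-certificate-per-file .crt files, as the Dockerfile above does before
# calling update-ca-certificates.

# split_pem_bundle BUNDLE OUTDIR PREFIX
# Writes OUTDIR/PREFIX-01.crt, OUTDIR/PREFIX-02.crt, ... and prints the
# number of certificates found. Only lines inside a BEGIN/END block are
# written, so each output file holds exactly one certificate.
split_pem_bundle() {
    bundle=$1
    outdir=$2
    prefix=$3
    mkdir -p "$outdir"
    awk -v dir="$outdir" -v pfx="$prefix" '
        /-----BEGIN CERTIFICATE-----/ {
            n++
            inside = 1
            out = sprintf("%s/%s-%02d.crt", dir, pfx, n)
        }
        inside { print > out }
        /-----END CERTIFICATE-----/ {
            inside = 0
            close(out)
        }
        END { print n + 0 }
    ' "$bundle"
}

# pem_file_is_single_cert FILE
# Sanity check for one output file: exactly one BEGIN marker, the first
# line is the BEGIN marker and the last line is the END marker.
pem_file_is_single_cert() {
    [ "$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1")" -eq 1 ] \
        && head -n 1 "$1" | grep -q -- '-----BEGIN CERTIFICATE-----' \
        && tail -n 1 "$1" | grep -q -- '-----END CERTIFICATE-----'
}

# Constructed sample bundle: two placeholder blocks, NOT real CA certificates.
WORK=$(mktemp -d)
cat > "$WORK/bundle.pem" <<'EOF'
# comment line that must not end up in any .crt file
-----BEGIN CERTIFICATE-----
placeholder-cert-one
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
placeholder-cert-two
-----END CERTIFICATE-----
EOF

SPLIT_COUNT=$(split_pem_bundle "$WORK/bundle.pem" "$WORK/out" aws-rds-ca)
echo "certificates written: $SPLIT_COUNT"
# In the Dockerfile the files under "$WORK/out" would then be moved to
# /usr/local/share/ca-certificates/ and update-ca-certificates run as root.
```

Running the function against the real bundle and comparing the printed count with the number of BEGIN markers in the downloaded file is a cheap check that nothing was lost in the split before the image is built.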


The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.

粤ICP备18138465号  © 2020-2024 STACKOOM.COM