我有一个使用dotnet 6构建的WebAPI应用程序。此应用程序使用SSL证书私钥加密一些输入xml文件。SSL证书依赖于主机,主机使用docker-compose安装在docker映像上。要加密的xml也位于SSL证书所在的文件夹中。当我尝试从容器中读取此证书时,我得到以下错误:
Type of Exception :Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException Exception Message: Object was not found. Exception Stack Trace: at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags)
at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(ReadOnlySpan`1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags).
但是,如果相同的应用程序直接在主机上运行而没有docker容器,它可以读取证书并加密文件。知道根本原因是什么吗?
添加用户:ContainerAdministrator"在docker-compose。Yml解决了这个问题
services:
myservice:
user: "ContainerAdministrator"