我有一个ASP。NET web应用程序在ubuntu 20.04上,我使用.pfx格式的SSL证书,效果很好。但是,我想学习如何对.pem文件执行同样的操作。
我知道可以在appsettings.json中这样做,并通过HttpsFromPem密钥:
{
"Kestrel": {
"Endpoints": {
"HttpsInlineCertAndKeyFile": {
"Url": "https://localhost:5001",
"Certificate": {
"Path": "<path to .pem/.crt file>",
"KeyPath": "<path to .key file>",
"Password": "$CREDENTIAL_PLACEHOLDER$"
}
}
}
}
}
我知道如何使用.pfx格式,如下所示:
var httpsCert = Environment.GetEnvironmentVariable("HTTPS_CERT");
var httpsCertKey = Environment.GetEnvironmentVariable("HTTPS_CERT_KEY");
if (httpsCert != null && httpsCertKey != null)
{
options.Listen(IPAddress.Loopback, 5001,
listenOptions => listenOptions.UseHttps(httpsCert, httpsCertKey));
}
来源-https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/endpoints?view=aspnetcore-6.0
我的问题是:如何配置Kestrel从代码中的.pem文件读取证书?
您可以使用加载它
var pemPath = //read in from configuration
var privateKeyPath = //read in from configuration
var certificate = X509Certificate2.CreateFromPemFromFile(pemPath, privateKeyPath);
然后,当你配置Kestrel时,你可以用这样的东西来配置Ketrel。
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.ConfigureKestrel(options =>
{
options.ConfigureHttpsDefaults(adapterOptions =>
{
adapterOptions.ServerCertificate = certificate
});
});
}