I am running an Ocelot API gateway service (https://localhost:5010) locally in Docker; it calls a .NET Core API (https://localhost:5003).
I used self-signed certificates and both services are secure.
To make it work locally I added this to Ocelot.Development.json:
{
  "DownstreamPathTemplate": "/ActivityTypes",
  "DownstreamScheme": "https",
  "DownstreamHostAndPorts": [
    {
      "Host": "xplora.api",
      "Port": "443"
    }
  ],
  "UpstreamPathTemplate": "/ActivityTypes",
  "UpstreamHttpMethod": [ "GET" ],
  "RateLimitOptions": {
    "ClientWhitelist": [],
    "EnableRateLimiting": true,
    "Period": "3s",
    "PeriodTimespan": 1,
    "Limit": 1
  },
  "FileCacheOptions": { "TtlSeconds": 30 }
}
where xplora.api is the name of the container defined in docker-compose:
  container_name: xplora.api
  environment:
When I access the Ocelot API gateway I get this error:
xploraproject-xploraapigateway-1 | requestId: 0HMDG3PCRH54C:00000001, previousRequestId: no previous request id, message: Error Code: ConnectionToDownstreamServiceError Message: Error connecting to downstream service, exception: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
xploraproject-xploraapigateway-1 | ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
xploraproject-xploraapigateway-1 | at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
xploraproject-xploraapigateway-1 | at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
xploraproject-xploraapigateway-1 | at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
xploraproject-xploraapigateway-1 | --- End of inner exception stack trace ---
xploraproject-xploraapigateway-1 | at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
I suspect the problem is that when I try to access these services using localhost it works fine because the certificate is assigned to the localhost domain, but when Ocelot tries to use https://xplora.api:5003 this certificate is not working. Am I right? If so, how can I make it work? I used "DangerousAcceptAnyServerCertificateValidator": true in Ocelot.Development.json and it works, but I want a real solution, without using DangerousAcceptAnyServerCertificateValidator.
Thanks
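
The log above reports two separate validation failures, RemoteCertificateNameMismatch and RemoteCertificateChainErrors. The following is an added example, not part of the original post: it issues a throwaway development certificate whose subjectAltName covers both `localhost` and `xplora.api`, then runs the name check and the chain check separately. It assumes OpenSSL 1.1.1 or later; the function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes OpenSSL 1.1.1+ (-addext).
# Function and file names are hypothetical; all certificates are throwaway.

# make_dev_cert <out_dir> <dns_name>...
# Writes a self-signed key pair (dev.key, dev.crt) whose subjectAltName lists
# every DNS name the service is reached by.
make_dev_cert() {
  mdc_dir=$1; shift
  mdc_san=""
  for mdc_name in "$@"; do
    mdc_san="${mdc_san:+$mdc_san,}DNS:$mdc_name"
  done
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=$1" -addext "subjectAltName=$mdc_san" \
    -keyout "$mdc_dir/dev.key" -out "$mdc_dir/dev.crt" 2>/dev/null
}

# cert_matches_host <cert> <hostname>
# Name check: fails in the situation reported as RemoteCertificateNameMismatch.
cert_matches_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match certificate"
}

# cert_chains_to <cert> <ca_file>
# Chain check: fails in the situation reported as RemoteCertificateChainErrors.
cert_chains_to() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Demo with the two names from the question (constructed, temporary files).
demo_dir=$(mktemp -d)
make_dev_cert "$demo_dir" xplora.api localhost
for demo_host in localhost xplora.api; do
  if cert_matches_host "$demo_dir/dev.crt" "$demo_host"; then
    echo "$demo_host: name matches"
  else
    echo "$demo_host: name mismatch"
  fi
done
if cert_chains_to "$demo_dir/dev.crt" "$demo_dir/dev.crt"; then
  echo "chain: trusted when dev.crt is in the trust store"
fi
rm -rf "$demo_dir"
```

The chain check passes here only because `dev.crt` is supplied as its own trust anchor; the client container needs the same certificate in the trust store it actually uses.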