0

I have .net core 7 solution which is dockerized in a compose file like below:

version: '3.4'

services:
  sqldb:
    image: mcr.microsoft.com/azure-sql-edge
    ports:
      - "1433:1433"
    environment:
      - SA_PASSWORD=PASSWORD
      - ACCEPT_EULA=Y

  product-api:
    image: ${DOCKER_REGISTRY-}productapi
    build:
      context: .
      dockerfile: src/productapi/WebApi/Dockerfile
    depends_on:
      - "sqldb"

  live-api:
    image: ${DOCKER_REGISTRY-}live
    build:
      context: .
      dockerfile: src/LiveAPI/Web/Dockerfile
    depends_on:
      - "sqldb"
      - "product-api"

and a compose override like below:

version: '3.4'

services:    
  product-api:
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:443;http://+:80
    ports:
      - "5200:443"
      - "5201:80"
    volumes:
      - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
      - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro

  live-api:
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:443;http://+:80
    ports:
      - "5300:443"
    volumes:
      - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
      - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro

So, when I try to call rest api in "product-api" from "live-api" service, I get the following exception:

The SSL connection could not be established, see inner exception. -> The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch, RemoteCertificateChainErrors

I tried many solutions, but none of them has been worked for me!

What I tried:

Disable SSL validation in "live-api" service.

ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, errors) =>
            {
                // local dev, just approve all certs
                if (development) return true;
                return errors == SslPolicyErrors.None;
            };

How I tried to call the API:

Imran Sh
  • 1,623
  • 4
  • 27
  • 50
  • Before trying more solutions, tell me now what is the root cause of that error based on your investigation? If you don't know that yet, then trying more is useless. – Lex Li Feb 10 '23 at 20:24
  • @LexLi Actually, I don't know. – Imran Sh Feb 10 '23 at 20:49
  • 1. Verify what’s the certificate configured for product-api and see if you replace it with a valid one with your network administrators. 2. Even if you need to disable TLS validation , instead of fixing certificate, you should identify the actual line of code that triggers the exception on caller side. Things like `HttpClient` have their own ways to skip validation, so merely changing `ServicePointManager` isn’t right. – Lex Li Feb 10 '23 at 23:03
  • @LexLi I am using restsharp library for http requests, I tried another solution as in https://stackoverflow.com/a/56351003/3096477 and it didn't work as well. With certificate I need more time while I'm not expert in it. – Imran Sh Feb 11 '23 at 13:39

0 Answers0