Curl SSL Error - Linux Containerized application making HTTPS call

[latchkostov]

I am using the following Dockerfile to create a container:

FROM microsoft/aspnetcore:1.1.2
ARG source
WORKDIR /app
EXPOSE 80
COPY PublishOutput .
ENTRYPOINT ["dotnet", "IdentityServer4.Management.dll"]

It seems that if my container has to make any outbound calls via HTTPS, an exception is thrown, referencing curl:

System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.Http.CurlException: SSL connect error

This seems to happen even when the remote side has a valid certificate. I have been able to bypass this by attaching the following HttpHandlerto an HttpClient, which seems to bypass the issues:

var httpClientHandler = new HttpClientHandler();
httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => { return true; };

What am I missing here, and why am I having to do this as a workaround?

Upon trying to research this, I came across some discussions that a "client certificate" is needed to establish this connection, with no concrete examples.

Also, I am technically using Rancher for our Docker management system, which has a set of infrastructure that these containers run on. Not sure if that makes a difference at all, but figured I would mention it.

[latchkostov]

Closed. I realized I needed to import CA chain certs into my container.

I ended up adding the following lines to my Dockerfile:

RUN curl -o /usr/share/ca-certificates/my_ca_chain.crt https://somelocation/my_ca_chain.crt
RUN echo "my_ca_chain.crt" >> /etc/ca-certificates.conf && update-ca-certificates