“error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure” when generating self signed certificate for Identity Server 4

docker identityserver4 x509certificate x509certificate2
skyrunner picture skyrunner · Nov 28, 2018 · Viewed 7.8k times · Source

We're developing a microservices app on Kubernetes. One of the microservices is IdentityServer instance. Initially, I want to test the solution locally on Docker to make sure it works. For this purpose, I want to copy the certificate to appsettings.json. Eventually this value will be replaced by a Kubernetes secret. In my startup class this is how I'm trying to load my certificate:

services.AddIdentityServer()
     .AddSigningCredential(GetIdentityServerCertificate())
     .AddConfigurationStore(...


    private X509Certificate2 GetIdentityServerCertificate()
    {
        var clientSecret = Configuration["Certificate"];
        var pfxBytes = Convert.FromBase64String(clientSecret);
        var certificate = new X509Certificate2(pfxBytes, "PasswordHere");
        return certificate;
    }

The certificate is generated by me using openssl:

openssl req –newkey rsa:2048 –nodes –keyout XXXXX.key –x509 –days 365 –out XXXXX.cer

openssl pkcs12 –export –in XXXX.cer –inkey XXXX.key –out XXXX.pfx

Then I get the certificate by using:

$pfxFilePath = 'C:\XXXX.pfx'
$pwd = 'PasswordHere'
$flag = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
$collection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$collection.Import($pfxFilePath, $pwd, $flag)
$pkcs12ContentType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12
$clearBytes = $collection.Export($pkcs12ContentType)
$fileContentEncoded = [System.Convert]::ToBase64String($clearBytes)

I grab the $fileContentEncoded value and paste it into appsettings.json.

When i debug it, the result is: error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure when i'm trying to create X509Certificate2 object using the method above.

Answer

Related questions

"InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden]'"

I've deployed my API and Client app on Docker, but for the life of me, the web app cannot call the API, I keep getting an exception. I added the following line suggested in other posts, but it did not …

Read More
How to get a Docker container's IP address from the host

Is there a command I can run to get the container's IP address right from the host after a new container is created? Basically, once Docker creates the container, I want to roll my own code deployment and container configuration …

Read More
How to copy files from host to Docker container?

I am trying to build a backup and restore solution for the Docker containers that we work with. I have Docker base image that I have created, ubuntu:base, and do not want have to rebuild it each time with …

Read More