
openiddict.pfx issue #8322


tech37 created
  • ABP Framework version: v8.3.2
  • UI Type: Blazor Server
  • Database System: EF Core (SQL Server)
  • Auth Server Separated: yes
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

I am having issues deploying and running my Auth server on an Azure App Service, and it's got to do with the signing certificate openiddict.pfx.

I have tried to create it within the console of the Azure app service using documented instructions and get the following error:

 C:\home\site\wwwroot>dotnet dev-certs https -v -ep authserver.pfx -p 00000000-0000-0000-0000-000000000000 (I am using the same GUID that is in the code of AuthServerModule.cs)
 
[22] An error has occurred saving the certificate: System.Security.Cryptography.CryptographicException: The specified network password is not correct.
   at System.Security.Cryptography.X509Certificates.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags)
   at System.Security.Cryptography.X509Certificates.CertificatePal.FromBlobOrFile(ReadOnlySpan`1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
   at Microsoft.AspNetCore.Certificates.Generation.WindowsCertificateManager.SaveCertificateCore(X509Certificate2 certificate, StoreName storeName, StoreLocation storeLocation)
   at Microsoft.AspNetCore.Certificates.Generation.CertificateManager.SaveCertificate(X509Certificate2 certificate)
   at Microsoft.AspNetCore.Certificates.Generation.CertificateManager.EnsureAspNetCoreHttpsDevelopmentCertificate(DateTimeOffset notBefore, DateTimeOffset notAfter, String path, Boolean trust, Boolean includePrivateKey, String password, CertificateKeyExportFormat keyExportFormat, Boolean isInteractive).
There was an error saving the HTTPS developer certificate to the current user personal certificate store.

Any advice please?


8 Answer(s)
  • liangshiwei created
    Support Team Fullstack Developer

    The specified network password is not correct.

    dev-certs https -v -ep authserver.pfx -p 00000000-0000-0000-0000-000000000000

    Don't use 00000000-0000-0000-0000-000000000000 as a network password. You should use a real GUID value.

  • tech37 created

    Hi

    That was just an example, so as not to expose my GUID to the public. I used the GUID that matches the one listed in the code.

  • liangshiwei created
    Support Team Fullstack Developer

    I have tried to create it within the console of the Azure app service

    You don't need to create it on the Azure platform; you can generate it locally and include it in the published files.

  • tech37 created

    Hi, thank you for your response.

    I have the openiddict.pfx file now deployed to c:\home\site\wwwroot along with the other build files:

    However, when I do a dotnet run on the project dll I get the following error, which is different to previous errors.

  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Make sure you generate the openiddict.pfx file correctly.

  • tech37 created

    Hi

    I was publishing via secure files on the Azure pipeline and then referencing them in my build pipeline yml. That seemed to work and the file was visible in the deployment.

    - task: DownloadSecureFile@1
      inputs:
        secureFile: 'openiddict.pfx'
    
    - script: |
        mkdir -p $(Build.SourcesDirectory)/src/Pekkish.PekkishPOS.AuthServer
        mv $(Agent.TempDirectory)/openiddict.pfx $(Build.SourcesDirectory)/src/Pekkish.PekkishPOS.AuthServer/
      displayName: 'Move PFX File'

    Using your example, the openiddict.pfx is not deployed to the Azure deployment and is not showing in the build artefact.

    Any suggestions? Should I go back to the secure files option and then reference it in the yml?

  • tech37 created

    Hi

    I went back to deploying via secure files as noted above.

    Then also followed the following post and it worked for me: https://codejack.com/2022/12/deploying-abp-io-to-an-azure-appservice/

    Thank you for your assistance!

  • liangshiwei created
    Support Team Fullstack Developer

    great
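
A pre-deployment check for the certificate password problem discussed in this thread, added here as an example and not code from the thread or from ABP: it confirms that a .pfx opens with the passphrase the application will use before the file is published. It assumes the openssl CLI is on PATH; the function names and the PFX_FILE / PFX_PASSWORD variables are hypothetical.

```shell
#!/bin/sh
# Added example: verify a PFX against its expected passphrase before shipping it.

# pfx_opens_with FILE PASSPHRASE -> 0 if the PKCS#12 MAC verifies,
# 2 if the file is missing or empty, non-zero otherwise.
# The passphrase goes to openssl through the environment (env:), so it does
# not appear in the process list or in the pipeline's echoed command line.
pfx_opens_with() {
    [ -s "$1" ] || return 2
    PFX_CHECK_PASS="$2" openssl pkcs12 -in "$1" -noout \
        -passin env:PFX_CHECK_PASS >/dev/null 2>&1
}

# make_sample_pfx FILE PASSPHRASE -> writes a constructed, throwaway
# self-signed certificate so the check can be exercised offline.
make_sample_pfx() {
    tmp=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sample" \
        -keyout "$tmp/key.pem" -out "$tmp/cert.pem" >/dev/null 2>&1 &&
    PFX_NEW_PASS="$2" openssl pkcs12 -export -inkey "$tmp/key.pem" \
        -in "$tmp/cert.pem" -out "$1" -passout env:PFX_NEW_PASS >/dev/null 2>&1
    rc=$?
    rm -rf "$tmp"          # the unencrypted sample key must not linger
    return $rc
}

# check_pfx FILE PASSPHRASE -> verdict a pipeline step can fail on.
check_pfx() {
    if pfx_opens_with "$1" "$2"; then
        echo "OK: $1 opens with the supplied passphrase"
    else
        echo "FAIL: $1 is missing or the passphrase does not match" >&2
        return 1
    fi
}

# Stand-alone use: PFX_FILE and PFX_PASSWORD (hypothetical names) come from
# the environment, e.g. mapped from a pipeline secret variable.
if [ -n "${PFX_FILE:-}" ]; then
    check_pfx "$PFX_FILE" "${PFX_PASSWORD:-}"
fi
```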

Made with ❤️ on ABP v9.1.0-preview. Updated on November 20, 2024, 13:06