When i run docker images gives NuGet SSL sertificate problem ? how we can solve this issues ?
2 Answer(s)
-
0
1. Solution
Inside Docker, NuGet SSL problems usually come from the container not trusting the same certificates as your host (corporate proxy, dev HTTPS certs, man‑in‑the‑middle scanners, etc.). Below are concrete ways to fix this when building/running ABP apps in Docker.
A. If error is during
dotnet restore(NuGet feed SSL)Check the exact error message
Most common messages are like:The SSL connection could not be establishedUnable to load the service index for source 'https://....'Authentication failed because the remote party has closed the transport stream
If you are behind a corporate proxy with its own CA
You must import the proxy’s root certificate into the Docker image so
dotnet/NuGet trusts it.Typical Dockerfile pattern (Linux Debian/Ubuntu base images):
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build WORKDIR /src # Copy your corporate/proxy root certificate to the image COPY mycorp-root-ca.crt /usr/local/share/ca-certificates/mycorp-root-ca.crt # Register certificate in container trust store RUN update-ca-certificates # Now restore & build COPY *.sln ./ COPY src/ ./src/ RUN dotnet restore RUN dotnet build -c Release -o /app/buildNotes:
- Export the root CA from your company proxy as
mycorp-root-ca.crt(Base‑64). - After
update-ca-certificates, thedotnetCLI and NuGet will use the updated trust store.
If using a private NuGet feed with self‑signed certificate
- Either:
- Replace the feed certificate with one issued by a trusted CA (recommended), or
- Import that feed’s root/intermediate certificate into the Docker image using the same pattern as above.
- Either:
Temporarily test by disabling HTTPS verification (not recommended for production)
Only to confirm it’s an SSL trust issue, you can temporarily point to an HTTP feed (if available) or use another public feed (like nuget.org) in
NuGet.configand see if restore succeeds. If yes, then the problem is definitely certificate/trust.
B. If issue is with local dev HTTPS (Kestrel / reverse proxy) for ABP
When developing ABP apps with Docker (especially microservice template), you often use local HTTPS endpoints. For development, ABP docs recommend using mkcert to create locally trusted certificates:
Install mkcert on your host
Follow mkcert’s guide:
- Install mkcert
- Run
mkcert -install - Generate a cert for your dev host, e.g.:
mkcert localhost- You’ll get something like
localhost.pemandlocalhost-key.pem(or.crt/.key).
Use mkcert for your development certificates in Docker
Typical pattern:
FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base WORKDIR /app # Copy mkcert-generated certificate into container COPY certs/localhost.pem /https/aspnetapp.crt COPY certs/localhost-key.pem /https/aspnetapp.key # Configure Kestrel via environment in docker-compose.yml: # ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.crt # ASPNETCORE_Kestrel__Certificates__Default__KeyPath=/https/aspnetapp.keyThis way both your browser and the container trust the same dev certificate.
C. If you’re hitting
nuget.abp.io(ABP Commercial feeds) via HTTPS- Verify the feed URL and token on the host
abp login <your-email> dotnet nuget list sourceEnsure the ABP feed is HTTPS and works locally.
Propagate any custom CA/proxy trust to Docker
If your environment injects certificates (proxy, SSL inspection), you must import that CA as shown in section A.
Avoid turning off SSL validation
Don’t useDOTNET_SYSTEM_NET_HTTP_USESOCKETSHTTPHANDLER=falseor similar workarounds in production – fix trust instead.
D. Quick checklist
- Can you
curl https://api.nuget.org/v3/index.jsoninside the container?- If not, it’s an SSL / CA trust issue → import root CA.
- Are you using a corporate proxy?
- Configure proxy for Docker and add proxy CA to container trust.
- Using
mkcertfor dev ABP microservices?- Generate certs on host and copy them into container; use in Kestrel config.
2. Sources
- ABP prerequisites (mkcert usage for dev certificates) – verified:
https://abp.io/docs/latest/get-started/pre-requirements - mkcert installation (generate locally trusted certificates for Docker/dev) – verified:
https://github.com/FiloSottile/mkcert#installation
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
-
0
hi
Can you share the full error detail?
Thanks
