我在Win10机器中使用LINUX容器运行dotnet core 2.1
我已经使用openssl创建了一个自签名的CA，并安装在docker计算机中。 Docker输出显示已添加CA。



当我在命令下运行时，它还会向我显示已安装的证书

awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt

 using (var store = new X509Store(StoreName.CertificateAuthority, StoreLocation.LocalMachine))
            {
                store.Open(OpenFlags.ReadOnly);
                Console.WriteLine($"LocalMachine-> CertificateAuthority-> Count: {store.Certificates.Count}");
                foreach (var cert in store.Certificates)
                {
                    Console.WriteLine($"cert: {cert}");
                }
            }

  using (var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine))
            {
                store.Open(OpenFlags.ReadOnly);
                Console.WriteLine($"LocalMachine-> Root-> Count: {store.Certificates.Count}");

                foreach (var cert in store.Certificates)
                {
                    Console.WriteLine($"cert: {cert.IssuerName.Name}");
                }
            }

FROM microsoft/dotnet:2.1-runtime AS base
WORKDIR /app

FROM microsoft/dotnet:2.1-sdk AS build
WORKDIR /src
COPY TestWebApp1/TestWebApp1.csproj TestWebApp1/
RUN dotnet restore TestWebApp1/TestWebApp1.csproj
COPY . .
WORKDIR /src/TestWebApp1
RUN dotnet build TestWebApp1.csproj -c Release -o /app

FROM build AS publish
RUN dotnet publish TestWebApp1.csproj -c Release -o /app
RUN ls -l
RUN ls certificate/


COPY TestWebApp1/certificate/ca.crt /usr/share/ca-certificates/ca.crt
RUN echo ca.crt >> /etc/ca-certificates.conf

RUN ls /usr/local/share/ca-certificates/
RUN dpkg-reconfigure -p critical ca-certificates
RUN update-ca-certificates
RUN awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt

FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "TestWebApp1.dll"]

这似乎是由于多阶段Dockerfile所致。

您已将证书安装在publish镜像中，但未在final镜像中安装。此外，base不包括新安装的证书。

我建议