Type of issue
Code doesn't work
Feedback
the certificate generated with the PowerShell script from the documentation is invalid.
what would work is having:
$arguments = 'pkcs12 -in "{0}\rootCert.pfx" -clcerts -nokeys -out "{0}\rootCert.crt"' -f $proxyPath
instead of
$arguments = 'pkcs12 -in "{0}\rootCert.pfx" -out "{0}\rootCert.crt" -nodes' -f $proxyPath
and deleting everything after
Start-Process -FilePath $executable -ArgumentList $arguments -NoNewWindow -Wait
the certificate generated with the PowerShell script in the documentation looks like:
-----BEGIN CERTIFICATE-----
MIIC2DCCAcCgAwIBAgIILyN5dU7l9fEwDQYJKoZIhvcNAQELBQAwFzEVMBMGA1UE
AwwMRGV2IFByb3h5IENBMB4XDTIzMDIxNjIyMDgwMVoXDTI2MDUyMjIyMDgwMVow
FzEVMBMGA1UEAwwMRGV2IFByb3h5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAgiz1kA2nJ4ovX/RPyH0Z3c9/FFgpGF/i7O9iQ81CsNb71ruGI9eA
HDGeHeYe80DiRfZ/Xe6WS0ZOQXMU3CFDhiSbf0J8VX9Hq4Ua6Rj+9K1tRUjxnWvf
pSwj4aOi8Bd3J3hshN2dd6RrVQYvONhKJrrbXhSL+Np8jn6KjDAauewbyHFBZhGn
3cy9EDzBcBXWbf60gdrFrdkp3oQeWs/WKLtF4C1LirtbxEtQHdIuwGa+gbVE6jF3
P6GDPXwiSM7sDlLbyninLa1Mm7tfvrRcSK7yUruntm9JbAvvYrfCT31dRQ+0yMAM
wsy2oIhANlRdjmJuwovjn7wwehWqJ4cdLwIDAQABoygwJjATBgNVHSUEDDAKBggr
BgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBG43lG
j0ApIT4wWEl4GkucDeiWMaddyVclY5Jd7yJhzN3PLjAstHoKjiXGQeTTDz5WeA9X
uLofXuX/5L9Q+ajX9s4uuvDVFUMW7qqhLKrDg8DeAwNQJQxodTYXPP+KhnzNPKiO
i3/cXHMuxa0Pfekmq+v4221mjKoxCezhp9BnNX8Q0AhUQS7HwpYCT22MouzVMFnx
kIrYl+3Mqi86uj3JL4JTtFV5ioqMaQA7PkJLFU/hVXlO066WyzzDvdJCwwHi0Mac
aXpDbo6oPBGC5ZDsvuueVOQ6LtKEocOiuw6DiZ55frbds6ZZefiRU8KO6L7RIwCB
7Dk716Bkwka9Yx17
-----END CERTIFICATE-----
while the certificate generated with the proposed change looks like:
Bag Attributes
localKeyID: 01 00 00 00
friendlyName: Dev Proxy CA
subject=CN = Dev Proxy CA
issuer=CN = Dev Proxy CA
-----BEGIN CERTIFICATE-----
MIIC2DCCAcCgAwIBAgIILyN5dU7l9fEwDQYJKoZIhvcNAQELBQAwFzEVMBMGA1UE
AwwMRGV2IFByb3h5IENBMB4XDTIzMDIxNjIyMDgwMVoXDTI2MDUyMjIyMDgwMVow
FzEVMBMGA1UEAwwMRGV2IFByb3h5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAgiz1kA2nJ4ovX/RPyH0Z3c9/FFgpGF/i7O9iQ81CsNb71ruGI9eA
HDGeHeYe80DiRfZ/Xe6WS0ZOQXMU3CFDhiSbf0J8VX9Hq4Ua6Rj+9K1tRUjxnWvf
pSwj4aOi8Bd3J3hshN2dd6RrVQYvONhKJrrbXhSL+Np8jn6KjDAauewbyHFBZhGn
3cy9EDzBcBXWbf60gdrFrdkp3oQeWs/WKLtF4C1LirtbxEtQHdIuwGa+gbVE6jF3
P6GDPXwiSM7sDlLbyninLa1Mm7tfvrRcSK7yUruntm9JbAvvYrfCT31dRQ+0yMAM
wsy2oIhANlRdjmJuwovjn7wwehWqJ4cdLwIDAQABoygwJjATBgNVHSUEDDAKBggr
BgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBG43lG
j0ApIT4wWEl4GkucDeiWMaddyVclY5Jd7yJhzN3PLjAstHoKjiXGQeTTDz5WeA9X
uLofXuX/5L9Q+ajX9s4uuvDVFUMW7qqhLKrDg8DeAwNQJQxodTYXPP+KhnzNPKiO
i3/cXHMuxa0Pfekmq+v4221mjKoxCezhp9BnNX8Q0AhUQS7HwpYCT22MouzVMFnx
kIrYl+3Mqi86uj3JL4JTtFV5ioqMaQA7PkJLFU/hVXlO066WyzzDvdJCwwHi0Mac
aXpDbo6oPBGC5ZDsvuueVOQ6LtKEocOiuw6DiZ55frbds6ZZefiRU8KO6L7RIwCB
7Dk716Bkwka9Yx17
-----END CERTIFICATE-----
running openssl having $arguments = 'x509 -text -inform PEM -in "{0}\rootCert.crt"' -f $proxyPath would work for the certificate generated with the proposed change, while for the certificate generated with the PowerShell script in the documentation it would fail with:
Could not read certificate from and 100000000A000000:error:1E08010C:DECODER routines:OSSL_DECODER_from_bio:unsupported:crypto/encode_decode/decoder_lib.c:102:No supported data to decode. Input type: PEM, Input structure: Certificate
related to this, it should be mentioned in the documentation that when being prompted for the password with Enter Import Password: Enter should be hit as the password is empty.
Page URL
https://learn.microsoft.com/en-us/microsoft-cloud/dev/dev-proxy/how-to/use-dev-proxy-with-dotnet-docker
Content source URL
https://github.com/MicrosoftDocs/microsoft-cloud/blob/main/docs/dev/dev-proxy/how-to/use-dev-proxy-with-dotnet-docker.md
Author
@waldekmastykarz
Document Id
7a428e61-5196-25bd-b386-99040213d6fd
Type of issue
Code doesn't work
Feedback
the certificate generated with the PowerShell script from the documentation is invalid.
what would work is having:
$arguments = 'pkcs12 -in "{0}\rootCert.pfx" -clcerts -nokeys -out "{0}\rootCert.crt"' -f $proxyPathinstead of
$arguments = 'pkcs12 -in "{0}\rootCert.pfx" -out "{0}\rootCert.crt" -nodes' -f $proxyPathand deleting everything after
Start-Process -FilePath $executable -ArgumentList $arguments -NoNewWindow -Waitthe certificate generated with the PowerShell script in the documentation looks like:
while the certificate generated with the proposed change looks like:
running
opensslhaving$arguments = 'x509 -text -inform PEM -in "{0}\rootCert.crt"' -f $proxyPathwould work for the certificate generated with the proposed change, while for the certificate generated with the PowerShell script in the documentation it would fail with:Could not read certificate fromand100000000A000000:error:1E08010C:DECODER routines:OSSL_DECODER_from_bio:unsupported:crypto/encode_decode/decoder_lib.c:102:No supported data to decode. Input type: PEM, Input structure: Certificaterelated to this, it should be mentioned in the documentation that when being prompted for the password with
Enter Import Password:Enter should be hit as the password is empty.Page URL
https://learn.microsoft.com/en-us/microsoft-cloud/dev/dev-proxy/how-to/use-dev-proxy-with-dotnet-docker
Content source URL
https://github.com/MicrosoftDocs/microsoft-cloud/blob/main/docs/dev/dev-proxy/how-to/use-dev-proxy-with-dotnet-docker.md
Author
@waldekmastykarz
Document Id
7a428e61-5196-25bd-b386-99040213d6fd