Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Certificate not found on Azure Web App

I deployed a web application as a Web App on Azure App Service. I uploaded some certificates to the Azure Portal, since the Web App runs over SSL, and we use another certificate to perform some decryption.

For the latter case I have a method (which works fine locally) to find a certificate:

public static X509Certificate2 FindCertificate(KnownCertificate certificate)
    {
        return FindCertificate(StoreName.My, StoreLocation.CurrentUser, X509FindType.FindByThumbprint, certificate.Thumbprint);
    }

But I get an error that the certificate with thumbprint XYZ is not found. Although, on the Azure Portal it is present. (I had uploaded and imported it)

I am using StoreLocation.CurrentUser as suggested in THIS POST but it still does not work. Am I using the wrong store or what else am I missing?

EDIT: I have managed to remotetly debug my WebApp and with the ImmediateWindow feature of VisualStudio I have executed this code

new X509Store(StoreName.CertificateAuthority, StoreLocation.CurrentUser).Certificates.Find(findType, findValue, false).Count;

testing all possible combinations of StoreNames and StoreLocations but to no avail.

Is it possible like stated here that for using certificate with purposes other than https traffic you would need a Cloud Service and that (I suppose that) App Services do not support it?

like image 883
Mirko Lugano Avatar asked May 26 '16 10:05

Mirko Lugano


People also ask

How do I add a certificate to Azure web app?

In the Azure portal, from the left menu, select App Services > <app-name>. From your app's navigation menu, select TLS/SSL settings > Private Key Certificates (. pfx) > Import App Service Certificate. Select the certificate that you just purchased, and then select OK.

How do I find my Azure certificate?

Sign in to the Azure portal. Go to App Service Certificates, and select the certificate. Select Certificate Configuration > Step 2: Verify > Domain Verification. This step sends an email notice to the Azure certificate provider to resolve the problem.

How do I add certificates to my Azure application gateway?

Azure portal To renew a listener certificate from the portal, navigate to your application gateway listeners. Select the listener that has a certificate that needs to be renewed, and then select Renew or edit selected certificate. Upload your new PFX certificate, give it a name, type the password, and then select Save.

How do I bind SSL certificate in Azure App Service?

In the Azure portal, from the left menu, select App Services > <app-name>. From the left navigation of your app, start the TLS/SSL Binding dialog by: Selecting Custom domains > Add binding. Selecting TLS/SSL settings > Add TLS/SSL binding.


1 Answers

You need to add WEBSITE_LOAD_CERTIFICATES to your web app App Settings. Set the value to either ' * ' or to the thumbprint of your certificate you want loaded into the web app environment. My personal preference is to set this value to ' * ', which means, load all certificates that have been uploaded.

enter image description here

After you apply this change you should be able to load your certificate from within your web app code.

More information on how to use certificates is available here. The article is a bit dated (in today's standards) but still relevant.

like image 74
Rick Rainey Avatar answered Oct 13 '22 08:10

Rick Rainey