 

How to manage signed certificates with Azure Function V2

I am working on an Azure Functions app on the Consumption plan. The Function App is required to load a specific signed certificate.

On my local machine I set up the certificate as a personal certificate and everything works fine.

After publishing to Azure, I am getting this error:

There are 0 certificates with the subject name cert.name in LocalMachine, My
Use scripts/certificates/ to generate this

There is nothing helpful on SO, or even in the Azure Functions documentation, on how to use a certificate with Azure Functions.

Does anyone have experience with that?

Marzouk asked Dec 14 '18 11:12



1 Answer

I got it and it's pretty straightforward.

First go to platform features under your Function App and you should find SSL as shown below.


Then you can add a public, private or SSL certificate based on your needs. In my case I want to add a private certificate which I already exported and have its private key.


After uploading your certificate, go to your app settings and add this key/value:

WEBSITE_LOAD_CERTIFICATES: "Your Cert Thumbprint"

You should be able to load the certificate using this Thumbprint like this:

using System;
using System.Security.Cryptography.X509Certificates;

    // ... (your function code)
    // Open the current user's personal ("My") store read-only.
    X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    certStore.Open(OpenFlags.ReadOnly);
    X509Certificate2Collection certCollection = certStore.Certificates.Find(
                                X509FindType.FindByThumbprint,
                                // Replace below with your certificate's thumbprint
                                "000000000000000000000000000000000000000",
                                // validOnly: false also returns certificates that fail
                                // chain validation, such as self-signed ones
                                false);
    // Get the first cert with the thumbprint
    if (certCollection.Count > 0)
    {
        X509Certificate2 cert = certCollection[0];
        // Use certificate
        Console.WriteLine(cert.FriendlyName);
    }
    certStore.Close();
    // ... (your function code)
Marzouk answered Sep 23 '22 13:09
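A fail-loud variant of the lookup in the answer, added here as an example and not part of the original post: it normalizes the thumbprint, reports whether the WEBSITE_LOAD_CERTIFICATES setting is the reason for an empty result, and checks the private key and validity dates before returning. The names FunctionCertificates, NormalizeThumbprint and Load are hypothetical; it assumes a Windows-hosted Function App as in the answer and a certificate that must carry its private key.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

public static class FunctionCertificates   // hypothetical helper, not from the answer
{
    // Keep hex digits only: drops spaces, colons and the invisible left-to-right
    // mark that can be copied along with a thumbprint from the Windows
    // certificate dialog and makes the lookup silently return nothing.
    public static string NormalizeThumbprint(string raw) =>
        new string((raw ?? "").Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();

    public static X509Certificate2 Load(string thumbprint)
    {
        string wanted = NormalizeThumbprint(thumbprint);
        if (wanted.Length != 40)
            throw new ArgumentException("A SHA-1 thumbprint has 40 hex characters.", nameof(thumbprint));

        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false, so a self-signed certificate is still returned.
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, wanted, false);
            if (found.Count == 0)
            {
                // App Service accepts one thumbprint, a comma-separated list, or "*".
                string setting = Environment.GetEnvironmentVariable("WEBSITE_LOAD_CERTIFICATES") ?? "";
                bool listed = setting.Trim() == "*" ||
                              setting.Split(',').Select(NormalizeThumbprint).Contains(wanted);
                throw new InvalidOperationException(listed
                    ? "Certificate " + wanted + " is not in CurrentUser\\My."
                    : "Certificate " + wanted + " is not in CurrentUser\\My and " +
                      "WEBSITE_LOAD_CERTIFICATES does not list it.");
            }

            X509Certificate2 cert = found[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate was loaded without its private key.");
            if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
                throw new InvalidOperationException("Certificate is outside its validity period.");
            return cert;
        }
    }
}
```

Calling Load once at startup turns a missing setting or an expired certificate into an explicit startup error instead of a failure on the first signed request.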