I have an Azure Web App that communicates with a third party API, which uses OAuth 1.0a or similar and as part of that requires an SSL certificate. The provided SSL certificate I need to use comes with its own certificate chain (root, intermediate and SSL certificate).
I have exported the certificate chain to a .pfx file and uploaded it into the SSL certificates section in the Azure Preview Portal and am using WEBSITE_LOAD_CERTIFICATES * in the App settings.
The problem is that the root and interim certificates do not get imported. Is this expected behavior and how do I fix it? Or is this something not supported by Azure Web Apps?
Edit:
The way I export the certificate chain is using PowerShell:
Export-PfxCertificate -Force `
    -ChainOption BuildChain `
    -Cert cert:\localmachine\my\#mythumbprint# `
    -FilePath c:\temp\myexport.pfx `
    -Password $(ConvertTo-SecureString -String "password" -Force -AsPlainText)
In the Azure portal, from the left menu, select App Services > <app-name>. From your app's navigation menu, select TLS/SSL settings > Private Key Certificates (.pfx) > Import App Service Certificate. Select the certificate that you just purchased, and then select OK.
Intermediate certificates are cross-signed certificates, whereas root certificates are self-signed. Root CAs form the foundation of the certificate chain of trust model, while the primary objective of the intermediate CAs is to provide an additional level of security in case of any mis-issuance or cyber threats.
This is not expected behavior. According to this blog post, intermediate and chain certificates should be automatically imported and configured, assuming that your cert was uploaded after a certain date: http://azure.microsoft.com/blog/2015/06/01/intermediate-tls-certificates-for-azure-app-service-web-apps/
(If it's still not working, it may be indicative of an underlying platform problem, in which case the best approach is to post on the official Azure App Service MSDN forum.)
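Before looking at the platform, it helps to confirm that the exported .pfx really contains the root and intermediate certificates. The following is an added example, not part of the original posts: it lists the contents of the file locally, assuming the path from the question's export command; the role labels are a heuristic (private key present, or subject equal to issuer).

```powershell
# Added example: enumerate the certificates inside a .pfx before uploading it.
# Assumption: the path is the one used by the export command in the question.
$pfxPath = 'c:\temp\myexport.pfx'

# Prompt for the password instead of hard-coding it in the script.
$secure = Read-Host -Prompt 'PFX password' -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password

# X509Certificate2Collection.Import loads every certificate in the PFX,
# not only the one that carries the private key.
$certs = [System.Security.Cryptography.X509Certificates.X509Certificate2Collection]::new()
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet
$certs.Import($pfxPath, $plain, $flags)
$plain = $null

$report = foreach ($c in $certs) {
    # Heuristic classification; a self-issued intermediate would be mislabelled.
    if ($c.HasPrivateKey) {
        $role = 'end-entity (has private key)'
    } elseif ($c.Subject -eq $c.Issuer) {
        $role = 'root (self-signed)'
    } else {
        $role = 'intermediate'
    }
    [pscustomobject]@{
        Role       = $role
        Subject    = $c.Subject
        Issuer     = $c.Issuer
        Thumbprint = $c.Thumbprint
        NotAfter   = $c.NotAfter
    }
}

$report | Format-Table -AutoSize

# Flag the two cases that matter for the problem described in the question.
if (-not ($report | Where-Object { $_.Role -eq 'intermediate' })) {
    Write-Warning 'No intermediate certificate found in the PFX.'
}
if (-not ($report | Where-Object { $_.Role -like 'root*' })) {
    Write-Warning 'No root certificate found in the PFX.'
}
```

If both warnings stay silent, the export included the chain and the missing certificates are being dropped after upload rather than at export time.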