Windows Azure Storage Certificate Validity

The certificate for our Azure blob has expired today. This is not a certificate provided by us, but provided by Microsoft, as shown in the figure below. How can this be fixed? I tried to find a solution, but did not find anything. Our application cannot connect to the repository after the certificate expires, and we receive an error message: Failed to establish trust for the SSL/TLS secure channel


+45
blob azure
Feb 22
4 answers

As a temporary measure, I was able to log into the azure portal and change the protocol part of the connection string from https to http.

+26
Feb 22 '13 at 21:22

Two more possible solutions if you can use RDP in your roles.

  • Change the configuration manually in the c:\Config directory.
  • Create the corrected DLL to solve this problem and manually load it through RDP. The workaround can be hard-bound strings or put code to accept expired certificates. For example: ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };

(hint for AlexNS on MSDN forums for idea #2 and Jason Vallery for certificate verification callback code)

As noted in the comments, disabling HTTPS and/or ignoring certificate verification errors can compromise the security of your messages. So think before you do this, and change it as soon as Microsoft fixes this problem.

+5
Feb 22 '13 at 22:34
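A narrower form of the callback in the answer above, as an added example that is not code from the original post or from Microsoft: it tolerates only an expired (not-time-valid) chain, only for one storage host, and only until a cutoff date, and rejects every other validation error. The class name and the StorageHost and WorkaroundEndsUtc values are placeholders assumed for illustration.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class ExpiredCertWorkaround   // hypothetical name, not from the post
{
    // Placeholders (assumptions): set to your own account host and a near cutoff.
    const string StorageHost = "myaccount.blob.core.windows.net";
    static readonly DateTime WorkaroundEndsUtc =
        new DateTime(2013, 3, 1, 0, 0, 0, DateTimeKind.Utc);

    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    static bool Validate(object sender, X509Certificate certificate,
                         X509Chain chain, SslPolicyErrors errors)
    {
        // Fully valid certificates pass as usual.
        if (errors == SslPolicyErrors.None) return true;

        // A name mismatch or a missing certificate is never tolerated;
        // only a pure chain error is a candidate for the exception.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;

        // The sender is the HttpWebRequest or, in some configurations, the host name.
        var request = sender as HttpWebRequest;
        string host = request != null ? request.RequestUri.Host : sender as string;
        if (!string.Equals(host, StorageHost, StringComparison.OrdinalIgnoreCase))
            return false;

        // The exception switches itself off after the cutoff date.
        if (DateTime.UtcNow >= WorkaroundEndsUtc) return false;

        // Every reported chain problem must be "not time valid" (expired);
        // an untrusted root, a revocation or anything else still fails.
        return chain != null
            && chain.ChainStatus.Length > 0
            && chain.ChainStatus.All(s => s.Status == X509ChainStatusFlags.NotTimeValid);
    }
}
```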

We were able to evade most of this, primarily by explicitly using HTTP endpoints for storage (we don't store anything too sensitive there).

If you are in a similar situation and can do HTTP endpoints, there is a workaround that allows you to update your roles constantly. It includes deploying Azure PowerShell with local packages and seems to work even when updates through both portals continue to fail.

+1
Feb 23 '13 at 5:03

As a note - if you switch to http from https, then the transfer mechanism no longer guarantees the correct data transfer, and you may need to check the MD5 blob.

StorageClient <2.0 manages this sometimes with downloads, but reads this article without ever downloading.

For StorageClient 2.0, you may need to change BlobRequestOptions to UseTransactionalMD5 (as described here)

0
Feb 25 '13 at 11:57