Non-X509Store SSL Certificate When Uploading to Azure

I installed a .pfx on my Azure site using the management portal's certificate upload.

Now I am trying to access them using the following code:

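    using System.Security.Cryptography.X509Certificates;
    using System.Text;

    // Open the machine-wide personal store and collect every certificate subject.
    X509Store certificateStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    certificateStore.Open(OpenFlags.ReadOnly);
    var certificates = certificateStore.Certificates;
    StringBuilder sb = new StringBuilder();
    foreach (var certificate in certificates)
    {
        sb.AppendLine(certificate.Subject);
    }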

When you publish to Azure, a list of certificates is displayed, but not the one I downloaded.

The following certificates are listed:

    CN=WW.azurewebsites.windows.net, OU=CIS(RD), O=Microsoft
    CN=FullOSTransport
    CN=client.geo.to.stamp.azurewebsites.windows.net
    CN=ma.waws-prod-am2-005.azurewebsites.windows.net, OU=OrganizationName, O=Microsoft, L=Redmond, S=WA, C=US
    CN=FullOSTransport
    CN=FullOSTransport

I purchased a Verisign certificate and it seems to have downloaded it correctly and appears in the "HTTPS" panel in the browser (in Chrome).

Any help would be appreciated, as I do not understand here.

Update

It looks like we will need to convert to a cloud service to work on this code. But can I add certificates to the app_data folder as suggested here?

http://blog.tylerdoerksen.ca/2015/11/29/pfx-certificate-files-and-azure-web-apps/

This is similar to working with Azure sites without using web roles.

thanks

+6
2 answers

I ran into a similar problem; below is a solution that worked for me.

Solution:

After you have uploaded your certificate through the Azure portal, you need to add an app setting (also through the portal) called WEBSITE_LOAD_CERTIFICATES and set its value to the thumbprint of your uploaded certificate. This can be a comma-separated list of multiple thumbprints if you want, or even * to load all your uploaded certificates.

Then load your certificate using the code below.

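    // Look in the current user's personal store.
    var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly);
    // validOnly: false returns the certificate even if it does not validate.
    var certs = store.Certificates.Find(X509FindType.FindByThumbprint, YOUR_THUMBPRINT, false);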
+8
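
A more defensive version of the lookup in the answer above, as an added example that is not part of the original answer: it normalizes the thumbprint, checks that WEBSITE_LOAD_CERTIFICATES covers it, and then reads CurrentUser\My. The class and method names are hypothetical, and it assumes the app setting is visible to the site's process as an environment variable of the same name.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Added example; class and method names are hypothetical.
public static class AppServiceCertificates
{
    // Thumbprints copied from the Windows certificate dialog often carry spaces or an
    // invisible U+200E mark, so keep only the hex digits before comparing.
    public static string NormalizeThumbprint(string raw) =>
        new string((raw ?? "").Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();

    // True when the setting value ("*" or a comma-separated list) covers the thumbprint.
    public static bool IsListedForLoading(string setting, string thumbprint) =>
        (setting ?? "").Split(',').Select(s => s.Trim())
            .Any(s => s == "*" || NormalizeThumbprint(s) == thumbprint);

    public static X509Certificate2 Load(string rawThumbprint)
    {
        string thumbprint = NormalizeThumbprint(rawThumbprint);
        if (thumbprint.Length != 40)
            throw new ArgumentException("Expected a 40-hex-digit SHA-1 thumbprint.");

        // Assumption: the app setting reaches the process as an environment variable.
        string setting = Environment.GetEnvironmentVariable("WEBSITE_LOAD_CERTIFICATES");
        if (!IsListedForLoading(setting, thumbprint))
            throw new InvalidOperationException(
                "WEBSITE_LOAD_CERTIFICATES does not list " + thumbprint + ".");

        // Same store as the answer's code: CurrentUser\My, not LocalMachine\My.
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        try
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false also returns expired or untrusted certificates,
            // so the expiry check below is done explicitly.
            var matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, false);
            if (matches.Count == 0)
                throw new InvalidOperationException(
                    "Certificate " + thumbprint + " is not in CurrentUser\\My.");
            if (matches[0].NotAfter < DateTime.Now)
                throw new InvalidOperationException("Certificate has expired.");
            return matches[0];
        }
        finally { store.Close(); }
    }
}
```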

I installed a .pfx on my Azure website using the management portal's certificate upload.

I recently had to go through this process for Azure Web Site, so I tried to save time in that order.

What can you do for debugging?

First, remote into the machine and find out if the certificate exists there. You can find that out using mmc.exe and adding the Certificates snap-in. See here for complete instructions.

In the case of the Azure Web Site, you must enable Remote Desktop by going to the Azure Management Portal, and then create a session in the virtual machine on which your website is deployed.

Certificate Deployment

If the certificate does not exist, you will have to deploy it. For testing, you can do this manually by going to virtual machines using a remote session and importing the certificate.

In the case of a website, if you want it to be deployed automatically, you will have to update the service definition files for this role to ensure that the certificate is deployed correctly. Also, keep in mind that your certificate must be uploaded as a "Service Certificate" and not a "Management Certificate" if you want your roles to be able to use it. If you are using Visual Studio, you can also add it to your project, which can deploy it.

Access rights

In addition (and especially if you manually deployed the certificate, for example, in a virtual machine), you will need to verify that IIS has permissions to access the certificate. This page here explains how to deploy certificates and grant permissions. If your certificate is included in the deployment package, then this is not necessary, as Azure Deployment will take care of this.

FYI: it works locally because the certificate already exists in the repository where your code is viewed, and nothing will be possible to delete the certificate (unless you do it manually) to make sure that if you deployed locally again, the certificate (it is assumed that your deployment is on-premises and the Azure cloud is exactly the same). In many cases, the on-premises and Azure cloud environments may be different (unfortunately) because Azure will provide clean virtual machines and everything needs to be deployed properly. On local machines, we have a lot of "leftovers."

+2

Source: https://habr.com/ru/post/970541/

