Azure: getting service certificate without defining an additional configuration

Question

My cloud service has the following config:

<?xml version="1.0" encoding="utf-8"?>
<ServiceConfiguration ...>
  <Role name="...">
    <ConfigurationSettings>
      <Setting name="MyCertThumbprint" value="AB687DC9F63D51AE6E9522B86B97EFD15F55EA42" />
    </ConfigurationSettings>
    <Certificates>
      <Certificate name="MyCert" thumbprint="AB687DC9F63D51AE6E9522B86B97EFD15F55EA42" thumbprintAlgorithm="sha1" />
    </Certificates>
  </Role>
</ServiceConfiguration>

See the redundance?

I want to get rid of MyCertThumbprint config. Is there an Azure API that gives me access to the thumbprint of MyCert? Or maybe the X509Certificate2 instance itself (ie without having to search for it using X509Store) ?

Answer 1

Sure - if you know other information about the certificate, you can use any of the X509FindType Enumerations with X509Certificate2Collection.Find Method . Unfortunately, the Certificates section of the ServiceConfiguration is for locating the certificate in the Cloud Service certificate store and installing that certificate on the VMs associated with the Role you are deploying. There is no API to access the section directly. So your choice is to hard code something like the certificate subject name or the thumbprint and hope it doesn't change, or add a setting like you've demonstrated in your code sample that is configurable with each deployment.

The ConfigurationSettings section mirrors the appSettings section in the web.config file and when used in conjunction with CloudConfigurationManager.GetSetting("settingsKey") with look first in the ServiceConnfiguration then in the web.config for application settings, allowing you to un local in an emulator or just IIS express and achieve the same functionality. So we duplicate the settings in both ServiceConfiguration and web.config.