I have run into an issue with Azure cloud services that has me a bit stumped. I am working on a project that interacts with a 3rd party REST API which requires all requests to be signed with an SSL cert. In development or on a production VM this is a non-issue. The certificates are typically installed in the appropriate stores and then can be loaded by thumbprint, from a file on disk or from an embedded resource like this:
_certificate = new X509Certificate2(Properties.Resources.Cert,
"password, X509KeyStorageFlags.MachineKeySet);
I am now trying to migrate a portion of the system to Azure and am having difficulty getting the certificate working. The issue I believe is the intermediate certificate from Symantec that is not already installed. So far I have tried writing both Powershell and batch files (ie certutil), I have written C# code to walk the certificate chain as well as to iterate over the collection of certs and perform the various imports but none of them have allowed for a successful call with the cert.
Has anyone automated the installation and usage of a signing cert in an Azure cloud service and if so would you mind sharing the solution?
What I did was get the certificate file on the Azure Cloud service, and run a startup task ( in elevated mode ) to install the certificate into the machine store.
So, what you probably need to do is:
Information on startup tasks here: https://msdn.microsoft.com/en-us/library/azure/hh180155.aspx . NOTE: You need to run in 'elevated' mode in order to install the certificate.
<Startup>
<Task commandLine="Startup.cmd" executionContext="elevated" taskType="simple" >
</Task>
</Startup>
Inside your Startup.cmd
- for example:
certutil -addstore -enterprise -f -v root Certificates\mycert.cer
Taken from here . Again - make sure to bundle the cert in your host app, OR write a script that downloads the certificate from somehwere - before calling the certutil
command.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.