
Azure Cloud Service - SSL Signing Certificate

I have run into an issue with Azure cloud services that has me a bit stumped. I am working on a project that interacts with a 3rd party REST API which requires all requests to be signed with an SSL cert. In development or on a production VM this is a non-issue. The certificates are typically installed in the appropriate stores and then can be loaded by thumbprint, from a file on disk or from an embedded resource like this:

_certificate = new X509Certificate2(Properties.Resources.Cert,
                "password", X509KeyStorageFlags.MachineKeySet);

I am now trying to migrate a portion of the system to Azure and am having difficulty getting the certificate working. The issue, I believe, is the intermediate certificate from Symantec that is not already installed. So far I have tried writing both PowerShell and batch files (i.e. certutil), I have written C# code to walk the certificate chain as well as to iterate over the collection of certs and perform the various imports, but none of them have allowed for a successful call with the cert.

Has anyone automated the installation and usage of a signing cert in an Azure cloud service and if so would you mind sharing the solution?

What I did was get the certificate file on the Azure Cloud service, and run a startup task (in elevated mode) to install the certificate into the machine store.

So, what you probably need to do is:

  1. Write a .cmd or PowerShell script that installs the certificate. Be sure to bundle it with your app (type = content, copy local = true)
  2. Be sure to bundle the cert with your app OR write a PowerShell script / cmd script that downloads the certificate onto the Azure cloud service
  3. Write a startup task that calls the installation script, which installs the certificate on the machine.

Information on startup tasks here: https://msdn.microsoft.com/en-us/library/azure/hh180155.aspx . NOTE: You need to run in 'elevated' mode in order to install the certificate.

<Startup>
    <Task commandLine="Startup.cmd" executionContext="elevated" taskType="simple">
    </Task>
</Startup>

Inside your Startup.cmd - for example:

certutil -addstore -enterprise -f -v root Certificates\mycert.cer

Taken from here. Again - make sure to bundle the cert in your host app, OR write a script that downloads the certificate from somewhere - before calling the certutil command.
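The question suspects a missing intermediate certificate, so the following added example (not part of the original question or answer) shows a PowerShell script for the elevated startup task that imports an intermediate into the machine's Intermediate Certification Authorities store, where intermediates normally live, and then checks that the signing certificate's chain builds. The script name, the file names `intermediate.cer` and `signing.cer`, and the `Certificates` folder layout are assumptions; it needs PowerShell 3.0 or later for `$PSScriptRoot` and `Import-Certificate`.

```powershell
# Install-Certs.ps1 (hypothetical name). Added example, not the answer author's script.
# Call it from the elevated startup task, e.g. from Startup.cmd:
#   powershell -ExecutionPolicy Unrestricted -File Install-Certs.ps1
$ErrorActionPreference = 'Stop'

# Assumed layout: certificates are bundled as content next to this script.
$certDir          = Join-Path $PSScriptRoot 'Certificates'
$intermediatePath = Join-Path $certDir 'intermediate.cer'  # assumption: the CA's intermediate
$signingPath      = Join-Path $certDir 'signing.cer'       # assumption: public part of the signing cert

# Put the intermediate in LocalMachine\CA rather than the trusted root store,
# so it helps chain building without becoming a trust anchor itself.
$imported = Import-Certificate -FilePath $intermediatePath `
                               -CertStoreLocation Cert:\LocalMachine\CA
Write-Output "Imported $($imported.Subject) [$($imported.Thumbprint)]"

# Build the chain for the signing certificate and report every element found.
$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $signingPath
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain

# Revocation is skipped here only so the check tests chain construction and
# does not depend on network access during role startup.
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck

$ok = $chain.Build($cert)
foreach ($element in $chain.ChainElements) {
    Write-Output "  chain: $($element.Certificate.Subject)"
}

if (-not $ok) {
    # Print the reason (for example PartialChain or UntrustedRoot) for the startup log.
    foreach ($status in $chain.ChainStatus) {
        Write-Output "  status: $($status.Status) $($status.StatusInformation.Trim())"
    }
    exit 1
}
exit 0
```

A `PartialChain` status in the output means an issuer is still missing from the machine stores; `UntrustedRoot` means the chain was assembled but ends in a root the instance does not trust.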
