Azure Web App calling on-prem service with Self-Signed SSL Cert

Question

We have an Azure web app which needs to call an internal web service via a VPN

We have configured everything but because the web service on our non-production internal servers uses a self-signed certificate, the call is failing:

The remote certificate is invalid according to the validation procedure.

Locally we can import the .cer into Trusted People.

How can this be achieved on Azure?

Answer 1

You cannot import .cer file to Azure Web App servers. If you can modify your code, you may implement a workaround, creating your own certificate validation. An example:

    ServicePointManager.ServerCertificateValidationCallback += (
        object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors) =>
    {
        if (sslPolicyErrors == SslPolicyErrors.None)
        {
            return true;
        }
        else
        {
            var myGoodCert = X509Certificate.CreateFromCertFile(Server.MapPath("~/path/to/mycert.cer"));
            return myGoodCert.Equals(certificate);  // compares issuer and serial number
        }          
    };

Remember to deploy the .cer file with your web app files or place it somewhere accessible from your webapp (azure blob storage, blob on sql, etc...)