
Remove / rebind SSL certificate from an Azure function using Azure SDK

I am trying to automate the process of obtaining an SSL certificate on my Azure portal. For that I wrote an Azure function which downloads a new certificate and then uploads/binds it to my web app. The code looks like this:

        app.Update()
            .DefineSslBinding()
                .ForHostname("*.my.domain")
                .WithPfxCertificateToUpload(Path.Combine(executionContext.FunctionDirectory, "cert.pfx"), "pwd")
                .WithSniBasedSsl()
                .Attach()
            .Apply();

which is supposed to upload a new certificate and create a new binding. It works as expected on a web app without existing certificates/bindings but if I run the function again I have some problems:

  1. The new certificate doesn't appear in the Azure portal
  2. The binding remains the same
  3. If I manually remove the binding and run my code again, it'll create the same binding with the very first certificate I had, i.e. it becomes the same again
  4. Funny thing: I don't receive any failure

After some research I figured out that if I list my certificates in the Azure CLI with az webapp config ssl list, the list on the portal is updated, i.e. all the certificates were there. But that doesn't help much.

My general question would be: is there any other way of rebinding a certificate?

Or, an obvious workaround would be to remove the existing binding and the certificate beforehand: how can I do the SSL certificate removal in an Azure function using the .NET SDK?

Found the way. One should do this in 2 steps: first, upload a certificate with

        var certificate = await azure.AppServices.AppServiceCertificates
                .Define($"some-name")
                .WithRegion(app.Region)
                .WithExistingResourceGroup(app.ResourceGroupName)
                .WithPfxByteArray(pfxBytes)
                .WithPfxPassword("test")
                .CreateAsync();

and then using WithExistingCertificate:

        await app.Update()
            .DefineSslBinding()
                .ForHostname("*.my.domain")
                .WithExistingCertificate(certificate.Thumbprint)
                .WithSniBasedSsl()
                .Attach()
            .ApplyAsync();

There is a pending pull request in order to do that in a single call: https://github.com/Azure/azure-libraries-for-net/pull/208

UPD: The PR was merged so instead of 2 calls you can simply use a single one:

        var certBytes = certificateService.RetreiveCertificate();
        webapp
            .Update()
            .DefineSslBinding()
                .ForHostname("my.hostname")
                .WithPfxByteArrayToUpload(certBytes, "password")
                .WithSniBasedSsl()
                .Attach()
            .Apply();
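Because the question reports that a re-run silently kept the old certificate bound, a rotation job can compute the new PFX's thumbprint locally and compare it with the thumbprint the binding reports afterwards. The following is an added example, not code from the post or from the Azure SDK; `PfxRotationCheck`, `ThumbprintOf` and `SameThumbprint` are hypothetical names, the sample certificate is constructed in place, and reading the bound thumbprint from Azure is left to the caller.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PfxRotationCheck
{
    // Loads the PFX and returns its SHA-1 thumbprint, refusing a file that
    // lacks a private key or is outside its validity window.
    public static string ThumbprintOf(byte[] pfxBytes, string password, DateTime utcNow)
    {
        using (var cert = new X509Certificate2(pfxBytes, password))
        {
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("PFX has no private key; it cannot serve TLS.");
            if (utcNow < cert.NotBefore.ToUniversalTime() || utcNow > cert.NotAfter.ToUniversalTime())
                throw new InvalidOperationException("Certificate is not valid at " + utcNow.ToString("u"));
            return cert.Thumbprint;
        }
    }

    // Thumbprints are hex strings; tools differ in case and spacing.
    public static bool SameThumbprint(string a, string b)
    {
        string Norm(string s) => (s ?? "").Replace(" ", "").ToUpperInvariant();
        return Norm(a).Length > 0 && Norm(a) == Norm(b);
    }

    public static void Main()
    {
        // Constructed sample: a throwaway self-signed certificate exported as a PFX.
        byte[] pfx;
        using (var rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed.example", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (var cert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30)))
                pfx = cert.Export(X509ContentType.Pfx, "pwd");
        }

        string expected = ThumbprintOf(pfx, "pwd", DateTime.UtcNow);
        // Constructed stand-ins for the thumbprint the binding reports after the update.
        string staleBinding = new string('A', 40);
        string freshBinding = expected.ToLowerInvariant();

        Console.WriteLine("stale binding matches: " + SameThumbprint(expected, staleBinding));
        Console.WriteLine("fresh binding matches: " + SameThumbprint(expected, freshBinding));
    }
}
```

Failing the job when the two thumbprints differ turns the "no failure, old certificate still bound" case from the question into a visible error.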
