Root and intermediate certificates installation in Azure Web App?

Question

I have an Azure Web App that communicates with a third party API, which uses OAuth 1.0a or similar and as part of that requires an SSL certificate. The provided SSL certificate I need to use comes with its own certificate chain (root, intermediate and SSL certificate).

I have exported the certificate chain to a .pfx file and uploaded it into the SSL certificates section in the Azure Preview Portal and am using WEBSITE_LOAD_CERTIFICATES * in the App settings.

The problem is that the root and interim certificates do not get imported. Is this expected behavior and how do I fix it? Or is this something not supported by Azure Web Apps?

Edit:

The way I export the certificate chain is using PowerShell:

Export-PfxCertificate -Force 
                      -ChainOption BuildChain
                      –Cert cert:\localmachine\my\#mythumbprint# 
                      –FilePath c:\temp\myexport.pfx 
                      -Password $(ConvertTo-SecureString -String "password" -Force –AsPlainText)

Should you not be using -ChainOption BuildChain? From the documentation: EndEntityCertOnly: Only end entity certificates are exported without any chain. — theadriangreen, Jul 20 '15 at 17:58
@theadriangreen Copy pasted the wrong thing. I am indeed using `BuildChain` — Ivan Zlatev, Jul 20 '15 at 18:03

score 3 · Answer 1 · answered Jul 23 '15 at 23:07

This is not expected behavior. According to this blog post intermediate and chain certificates should be automatically imported and configured, assuming that your cert was uploaded after a certain date: http://azure.microsoft.com/blog/2015/06/01/intermediate-tls-certificates-for-azure-app-service-web-apps/

(If it's still not working, it may be indicative of an underlying platform problem, in which case the best approach is to post on the official Azure App Service MSDN forum.)

Root and intermediate certificates installation in Azure Web App?

1 Answers1