11

I deployed a web application as a Web App on Azure App Service. I uploaded some certificates to the Azure Portal, since the Web App runs over SSL, and we use another certificate to perform some decryption.

For the latter case I have a method (which works fine locally) to find a certificate:

    public static X509Certificate2 FindCertificate(KnownCertificate certificate)
    {
        return FindCertificate(StoreName.My, StoreLocation.CurrentUser, X509FindType.FindByThumbprint, certificate.Thumbprint);
    }

But I get an error that the certificate with thumbprint XYZ is not found, although it is present on the Azure Portal (I had uploaded and imported it).

I am using StoreLocation.CurrentUser as suggested in THIS POST but it still does not work. Am I using the wrong store or what else am I missing?

EDIT: I have managed to remotely debug my Web App, and with the Immediate Window feature of Visual Studio I have executed this code:

new X509Store(StoreName.CertificateAuthority, StoreLocation.CurrentUser).Certificates.Find(findType, findValue, false).Count;

testing all possible combinations of StoreNames and StoreLocations but to no avail.

Is it possible, as stated here, that to use a certificate for purposes other than HTTPS traffic you would need a Cloud Service, and that (I suppose) App Services do not support it?

Mirko Lugano
  • For anyone who's having a similar issue - you don't need to do this - "testing all possible combinations"; when you upload a certificate to Azure App Service, it always goes into StoreName.My, StoreLocation.CurrentUser. – Dhanuka777 Jan 13 '17 at 02:47

1 Answer

22

You need to add WEBSITE_LOAD_CERTIFICATES to your web app's App Settings. Set the value to either '*' or to the thumbprint of the certificate you want loaded into the web app environment. My personal preference is to set this value to '*', which means: load all certificates that have been uploaded.


After you apply this change you should be able to load your certificate from within your web app code.

More information on how to use certificates is available here. The article is a bit dated (by today's standards) but still relevant.

Rick Rainey
  • Thanks Rick, yes, eventually yesterday evening I had solved it myself but had not yet updated the answer. What is tricky is that I had first added that setting in the Web.config and it didn't work, and only adding it from the portal did the trick. – Mirko Lugano May 27 '16 at 07:25
  • I have tried this, still not working. Does the certificate have to be signed by a CA, or can it be a self-signed certificate? – MBen Mar 24 '17 at 13:16
  • Self-signed will work just the same. In fact, that's what I used in the answer above. Be careful copying the thumbprint of the cert so as to avoid copying hidden characters. For example, copy/paste the thumbprint into notepad and then copy from notepad and paste into your app settings. – Rick Rainey Mar 24 '17 at 14:51
  • @RickRainey Hi Rick, thanks. I tried to list all certificates the App loads, and I get my certificates, but when I run the search FindByThumbprint I get nothing. Is there any limitation around there? – MBen Mar 27 '17 at 11:00
  • @MBen I am also getting the same issue. Did you find any solution? – Rupesh May 04 '17 at 16:50
  • @Rupesh Yes, just use Find(..., ..., FALSE) instead of true. Not sure why those certificates are not considered valid, but they are valid for us and we do our own validation. Hope this helps. – MBen May 05 '17 at 10:41
  • @MBen thanks! Using False worked for me – Eugen Kotov Jan 04 '22 at 19:47
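
The points from the answer and its comments, combined in one lookup routine. This is an added example, not code from the question or the answers. It cleans the pasted thumbprint, searches CurrentUser\My with validOnly set to false, and then applies its own checks. The names AppServiceCertificates, NormalizeThumbprint and Load are hypothetical, and it assumes the portal app setting is visible to the process as an environment variable.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

public static class AppServiceCertificates   // hypothetical helper class
{
    // Keep only hex digits: drops spaces and invisible characters that tend to
    // come along when a thumbprint is copied from a certificate dialog.
    public static string NormalizeThumbprint(string raw)
    {
        string hex = new string((raw ?? "").Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();
        if (hex.Length != 40) // a SHA-1 thumbprint is 40 hex characters
            throw new ArgumentException("Thumbprint is not 40 hex characters after cleanup.");
        return hex;
    }

    public static X509Certificate2 Load(string rawThumbprint)
    {
        string thumbprint = NormalizeThumbprint(rawThumbprint);
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false, otherwise certificates whose chain does not
            // validate on the host (such as self-signed ones) are filtered out.
            var matches = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
            if (matches.Count == 0)
            {
                // Assumption: the portal app setting reaches the process as an environment variable.
                string setting = Environment.GetEnvironmentVariable("WEBSITE_LOAD_CERTIFICATES");
                throw new InvalidOperationException(
                    "Certificate " + thumbprint + " not found in CurrentUser\\My. " +
                    "WEBSITE_LOAD_CERTIFICATES as seen by the process: " + (setting ?? "<not set>"));
            }
            X509Certificate2 cert = matches[0];
            // Chain validation was skipped above, so apply the checks this use needs.
            DateTime now = DateTime.Now; // NotBefore/NotAfter are expressed in local time
            if (now < cert.NotBefore || now > cert.NotAfter)
                throw new InvalidOperationException("Certificate is outside its validity period.");
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate has no private key; decryption needs one.");
            return cert;
        }
    }
}
```

Because validOnly: false bypasses chain validation, pin the expected thumbprint in configuration rather than accepting whichever certificate the store returns.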