1

I have an application, deployed in Azure Service Fabric. The application connects to external web service which has an untrusted SSL certificate and fails. I solved problem by implementing custom cert validation logic in "ServerCertificateCustomValidationCallback" method of HttpClient, however this is not an ideal solution.

How to install external SSL certificate into the trusted store on VMs in VMSS, so that any app in ASF can consume external web services without additional efforts?

Additional notes

  • Certificate contains no private key, so it cannot be imported into Azure key vault and used in ARM template (or I didn't find a way how to achieve this)
  • Certificate cannot be installed manually via RD, because this doesn't support autoscaling
avocadoLambda
  • 1,332
  • 7
  • 16
  • 33
Andris
  • 1,262
  • 1
  • 15
  • 24
  • I had the same issue with WCF: look at my answer on how to install the certificates and configure ACL https://stackoverflow.com/a/43502308/639829 – Preben Huybrechts Jul 02 '20 at 05:13
  • Can't you use [LetsEncrypt](https://letsencrypt.org/) to get a free valid SSL certificate on the service? – LoekD Jul 02 '20 at 05:19

1 Answers1

0

It is possible to import .pfx certificate without password into Azure Key Valut. Certificate should be imported into Secrets (not into Certificates). Azure portal says, that this feature is deprecated but it works.

When certificate is in key valut, then ARM template can be used to deploy it onto VMs.

To get pfx certificates, I downloaded root and intermediate certificates in browser. Then converted .cer to .pfx via small .net console, written by myself - check X509Certificate class, it has all necessary methods.

Andris
  • 1,262
  • 1
  • 15
  • 24