Reputation: 23
I want to use certificates (uploaded, via the portal, to the cloud service deployment) in my cloud service web role.
I would expect that, after uploading the certificates, they would be applied to my running web roles and I can then find the certificates via their thumbprint.
I upload the certificate via the portal by going to my cloud service, selecting "Certificates" and then uploading the .pfx and providing the password.
This is the code I am using to try to get certificates:
    // Open the machine-wide personal ("My") store read-only.
    var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadOnly);
    X509Certificate2 certificate = null;
    // Look for the certificate whose thumbprint matches the binding's configured thumbprint.
    foreach (X509Certificate2 cert in store.Certificates)
    {
        string certHash = cert.Thumbprint;
        if (certHash.Equals(binding.SslThumbprint, StringComparison.OrdinalIgnoreCase))
        {
            certificate = cert;
            break;
        }
    }
This works if I register the certificates in the .csdef file, but I need to be able to load the certificates dynamically. Changes to the .csdef file require deploying a new package - which is not an option.
There is a similar feature in Azure Websites: you can add a WEBSITE_LOAD_CERTIFICATES setting with a wildcard value to your app settings and then find the certificates by thumbprint in the code. Basically I am looking for a similar feature in cloud services.
Upvotes: 2
Views: 452
Reputation: 15850
There is no ability to dynamically load certs uploaded to the Azure portal into a Cloud Role without specifying them first in the CSDEF/CSCFG files.
You can, however, upload your certs to some external storage (ie: Blob storage, SQL Azure db, etc., or, as Poul mentioned, Key Vault) and load them from there.
HTH
Upvotes: 1
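A sketch of the "load from external storage" approach, added here as an example and not code from either poster: it takes .pfx bytes the role has already downloaded and only returns the certificate if it matches the configured thumbprint, has a private key, and is within its validity period. The class and method names are hypothetical, fetching the bytes is left to the caller, and the demo in `Main` uses a constructed self-signed certificate (assumes .NET Framework 4.7.2+ or .NET Core for `CertificateRequest`).

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ExternalCertLoader // hypothetical name
{
    // Keep only hex digits: drops spaces and invisible characters that
    // thumbprints often pick up when copied out of a certificate dialog.
    static string Normalize(string thumbprint) =>
        new string((thumbprint ?? "").Where(Uri.IsHexDigit).ToArray());

    // pfxBytes: contents of the .pfx as fetched from the external store.
    public static X509Certificate2 Load(byte[] pfxBytes, string password, string expectedThumbprint)
    {
        // MachineKeySet (assumption): role processes may run without a loaded user profile.
        var cert = new X509Certificate2(pfxBytes, password, X509KeyStorageFlags.MachineKeySet);
        try
        {
            if (!cert.Thumbprint.Equals(Normalize(expectedThumbprint), StringComparison.OrdinalIgnoreCase))
                throw new CryptographicException("Thumbprint does not match the configured value.");
            if (!cert.HasPrivateKey)
                throw new CryptographicException("PFX contains no private key.");
            DateTime now = DateTime.Now; // NotBefore/NotAfter are reported in local time
            if (now < cert.NotBefore || now > cert.NotAfter)
                throw new CryptographicException("Certificate is outside its validity period.");
            return cert;
        }
        catch { cert.Dispose(); throw; }
    }

    static void Main()
    {
        // Constructed sample input: a self-signed certificate exported to PFX bytes.
        using (RSA rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-example", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (var src = req.CreateSelfSigned(DateTimeOffset.Now.AddDays(-1), DateTimeOffset.Now.AddDays(30)))
            {
                byte[] pfx = src.Export(X509ContentType.Pfx, "example-password");
                string configured = " " + src.Thumbprint.ToLowerInvariant(); // messy but valid setting
                using (var ok = Load(pfx, "example-password", configured))
                    Console.WriteLine("Loaded " + ok.Subject + " " + ok.Thumbprint);
                try { Load(pfx, "example-password", new string('0', 40)); }
                catch (CryptographicException e) { Console.WriteLine("Rejected: " + e.Message); }
            }
        }
    }
}
```

Keeping the expected thumbprint in a service configuration setting means the role rejects a blob that was swapped or tampered with in storage, and the PFX password should come from a protected setting rather than sit next to the file.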