developer82

Reputation: 13713

Azure App Service 502.5 error response when loading a certificate using X509Certificate2

I have a .NET Core application that I'm trying to deploy to Azure App Service. When I deploy and try to load the site, I'm getting a 502.5 error response. From what I've read, that means it's a permissions issue. I've tried printing the logs with stdout, but while it is physically creating the log files, they are all empty.

So I started eliminating the problem by commenting out code. On ConfigureServices I'm loading a certificate:

    var certificate = new X509Certificate2("mycertificate.pfx", "**********");

If I comment out this line, then the application loads. Once returned it gives the error again.

From the console in the Azure portal I've tried giving mycertificate.pfx permissions using chmod 777 mycertificate.pfx, but it didn't seem to have any effect.

I'm not sure if the problem is loading that specific file or using X509Certificate2 at all.

How can I set it up to work?

Upvotes: 0

Views: 221

Answers (1)

Tom Sun

Reputation: 24549

How can I set it up to work?

1. Upload the pfx certificate to Azure with the Azure portal. Service plan B or above is required. For how to change the service plan, please refer to this document.


2. Adding an App setting named WEBSITE_LOAD_CERTIFICATES with its value set to the thumbprint of the certificate will make it accessible to your web application.

You can have multiple comma-separated thumbprint values, or you can set this value to “*” (without quotes), in which case all your certificates will be loaded to your web application's personal certificate store.


3. Access from WebApp

    using System;
    using System.Security.Cryptography.X509Certificates;

    namespace UseCertificateInAzureWebsiteApp
    {
        class Program
        {
            static void Main(string[] args)
            {
                // Open the current user's personal certificate store read-only
                X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
                certStore.Open(OpenFlags.ReadOnly);
                X509Certificate2Collection certCollection = certStore.Certificates.Find(
                    X509FindType.FindByThumbprint,
                    // Replace below with your cert's thumbprint
                    "E661583E8FABEF4C0BEF694CBC41C28FB81CD870",
                    false); // validOnly: false, so chain validation is not required
                // Get the first cert with the thumbprint
                if (certCollection.Count > 0)
                {
                    X509Certificate2 cert = certCollection[0];
                    // Use certificate
                    Console.WriteLine(cert.FriendlyName);
                }
                certStore.Close();
            }
        }
    }

We could get more info from the document.

Upvotes: 0
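The store lookup from the answer above, written as a startup helper that fails with an explicit message instead of a silent startup crash. This is an added example, not code from the answer or from Microsoft; `AppServiceCertificates`, `Normalize` and `LoadByThumbprint` are hypothetical names, and it assumes the application needs the certificate's private key.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Added example; the class and method names are hypothetical.
public static class AppServiceCertificates
{
    // Keep only hex digits: a thumbprint copied from a certificate dialog can carry
    // spaces or an invisible Unicode mark that makes the store lookup miss.
    public static string Normalize(string thumbprint) =>
        new string((thumbprint ?? "").Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();

    public static X509Certificate2 LoadByThumbprint(string thumbprint)
    {
        string wanted = Normalize(thumbprint);
        if (wanted.Length != 40)
            throw new ArgumentException("Expected a 40-hex-digit SHA-1 thumbprint.", nameof(thumbprint));

        // App settings reach the process as environment variables.
        string setting = Environment.GetEnvironmentVariable("WEBSITE_LOAD_CERTIFICATES") ?? "";
        bool listed = setting.Split(',').Any(v => v.Trim() == "*" || Normalize(v) == wanted);

        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false, as in the answer, so a self-signed certificate is still returned.
            X509Certificate2Collection found =
                store.Certificates.Find(X509FindType.FindByThumbprint, wanted, false);
            if (found.Count == 0)
                throw new InvalidOperationException(
                    $"Certificate {wanted} not found in CurrentUser\\My " +
                    $"({store.Certificates.Count} certificates present); " +
                    $"listed in WEBSITE_LOAD_CERTIFICATES: {listed}.");

            X509Certificate2 cert = found[0];
            // Assumption: the app signs or decrypts with this certificate, so a
            // public-only entry is treated as a configuration error.
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException($"Certificate {wanted} has no private key.");
            return cert;
        }
    }
}
```

Calling `AppServiceCertificates.LoadByThumbprint(...)` from `ConfigureServices` replaces the file-based `new X509Certificate2("mycertificate.pfx", ...)` call, so the .pfx file and its password no longer ship with the deployment.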
