Read Azure default wildcard certificate from ASP.NET Core

Question

I'm putting up a staging environment in an Azure App Service. That sits under the Free Tier, where you cannot upload custom SSL certificates. In order to test my ASP.NET Core application setup, and specifically if it can correctly load a certificate from store, I'd like to try that without having to satisfy all requirements for a trusted certificate (change tier, get domain, get certificate, ...).

I'm aware about Let's Encrypt, but that would still force me to switch tier in order to add a certificate to Azure app service. Plus, I'm not sure you can create a certificate for a domain some-site.azurewebsites.net (I've read something somewhere against using anything related to azurewebsites.net for a custom certificate), so maybe that would also need a custom domain anyway.

I was wondering if there's a way to access, from application code, the default wildcard certificate that MS owns for *.azurewebsites.net. So something like grabbing MS Azure certificate thumbprint, storing it in WEBSITE_LOAD_CERTIFICATES app setting, then load it from store as done here in chapter 3. Access from app".

X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadOnly);

X509Certificate2Collection certCollection = certStore.Certificates.Find(
   X509FindType.FindByThumbprint,
   "insert-here-thumbprint-of-azure-default-cert",
   false);

// Get the first cert with the thumbprint
if (certCollection.Count > 0)
{
  X509Certificate2 cert = certCollection[0];
  // Use certificate
  Console.WriteLine(cert.FriendlyName);
}

certStore.Close();

Is this doable? TA.

Answer 1

Apparently, another SO thread has the answer. The gist of it is:

You will not be able to access this certificate programmatically in your WebApp as this certificate is not really installed on the Azure WebApp.

Not sure if this should be closed as duplicate.