Make *.crt *.pem certificates available inside Azure App service running on docker container

Question

Context

I'm using Azure App service to run a node.js application that should connect to MongoDB using SSL. The app deployed with a docker container. MongoDB server and node.js MongoDB client requires to use *.pem and *.crt certificates.

Problem

Azure web app services (TLS/SSL settings) does not allow me to upload self-signed certificates with *.pem and *.crt file extension. Only *.pfx extension is allowed.

How I can make *.pem or *.crt files available inside the container? Are there other ways to connect node.js app with MongoDB using SSL in Azure?

Answer 1

Seeing as you have the provate key just use openSSL to create a PFX file. Once your PFX file is created you can simply upload to your Azure WebApp. An even better approach is to upload into an Azure KeyVault then import to your WebApp/App Service Plan

I use this command to prepare my certificates for use in Azure

openssl pkcs12 -export -out PFXCertName -inkey PrivteKeyFile -in PEMCertificateFile -passout pass:PrivateKeyPassword

I create this little script for command shell to prompt for the values. Just save it as .bat and run

@Echo off

set /P Cert=Enter Cert Name (Including Extension):
set /P CertKey=Enter Cert KEY Name (Including Extension):
set /P PFX=Enter New PFX Cert Name to Output (Including Extension):
set /P Password=Enter New PFX Password (Including Extension):

Echo Creating the PFX certificate

openssl pkcs12 -export -out %PFX% -inkey %CertKey% -in %Cert% -passout pass:"%Password%"