Cannot access certificate store #6

Open
skolmer opened this issue Mar 23, 2017 · 7 comments

@skolmer

skolmer commented Mar 23, 2017

I already posted this on the azure feedback forums: https://feedback.azure.com/forums/169385-web-apps/suggestions/18668707--linux-allow-to-access-certicate-store-within-lin

Feel free to close this issue if it is better handled via the feedback forum.

Using certificates uploaded via the azure portal in a Linux based .NET core app is currently not possible.
Normally you would do something like this to access those certificates (https://azure.microsoft.com/en-us/blog/using-certificates-in-azure-websites-applications/):

using (var certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
    certStore.Open(OpenFlags.ReadOnly);
    X509Certificate2Collection certCollection = certStore.Certificates.Find(
        X509FindType.FindByThumbprint,
        // Replace below with your cert's thumbprint
        "E661583E8FABEF4C0BEF694CBC41C28FB81CD870",
        false);
    // Get the first cert with the thumbprint
    if (certCollection.Count > 0)
    {
        X509Certificate2 cert = certCollection[0];
        // Use certificate
        Console.WriteLine(cert.FriendlyName);
    }
}

In .NET Core 1.1 apps this is not working as expected: the X509Store certificates collection is always empty. Maybe I'm just missing a configuration setting, but I already tried everything described in the blog post above.

@naziml
Collaborator

naziml commented Mar 31, 2017

@skolmer The AppService feature that lets you upload certs on the portal and have them be available to your app in the cert store is not there for WebApps on Linux yet. Because we launch the dotnetcore docker image, which obviously won't have any certs in it, we have to pass the certs when we do docker run, through something like an environment variable or something. But once we do that, I would still need to figure out what location and format these certs need to go to for dotnetcore to pick them up in X509CertStore. Let me ping someone on that and get back to you.

@skolmer
Author

skolmer commented Mar 31, 2017

@naziml Thank you for your feedback. Is this the right place to post information about limitations I run into while working with Azure App Service on Linux, or should I use the feedback forums? I'm currently building an API that should run on this platform in the future, and it would be nice to have a place where I can track the status of features that are not there yet or not working as expected. I know Linux App Services are still in preview and not everything is implemented yet, so I will try to post only those things I couldn't find any official information about online.

@ahmedelnably
Collaborator

@skolmer You can definitely use the feedback forums. You can also comment on our FAQ article, and we will reply and add these limitations/questions to the article to share them with everyone.

@adriangarzas

@naziml do you know if this feature is available now?

@shoshins

@naziml and what about now? :)

@metoule

metoule commented Apr 30, 2020

It's now possible (see https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate-in-code#load-certificate-in-linux-apps):

Load certificate in Linux apps
The WEBSITE_LOAD_CERTIFICATES app setting makes the specified certificates accessible to your Linux hosted apps (including custom container apps) as files. The files are found under the following directories:

Private certificates - /var/ssl/private (.p12 files)
Public certificates - /var/ssl/certs (.der files)

and the C# code:

var bytes = File.ReadAllBytes("/var/ssl/certs/<thumbprint>.der");
var cert = new X509Certificate2(bytes);

@dodgyKnee73

dodgyKnee73 commented Sep 15, 2020

It's now possible (see https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate-in-code#load-certificate-in-linux-apps):

Load certificate in Linux apps
The WEBSITE_LOAD_CERTIFICATES app setting makes the specified certificates accessible to your Linux hosted apps (including custom container apps) as files. The files are found under the following directories:

Private certificates - /var/ssl/private (.p12 files)
Public certificates - /var/ssl/certs (.der files)

and the C# code:

var bytes = File.ReadAllBytes("/var/ssl/certs/<thumbprint>.der");
var cert = new X509Certificate2(bytes);

I have uploaded a public certificate to a Linux hosted function app and set the WEBSITE_LOAD_CERTIFICATES app setting to the thumbprint of the certificate, but no certificates have been added to /var/ssl/certs. The actual directory does not exist. I followed the documentation here:
https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate#upload-a-public-certificate
and here:
https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate-in-code#make-the-certificate-accessible

Is there a way to validate that these steps have worked over and above what is documented here? Should I be able to browse to /var/ssl/certs and see my certificate?
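
A startup check for the situation described in the last comment, as an added example that is not part of the thread or of Microsoft's documentation: for each thumbprint in WEBSITE_LOAD_CERTIFICATES it reports whether a matching file exists under the two directories quoted above and whether the loaded certificate's computed thumbprint agrees with its file name. The class name LoadedCertCheck is hypothetical; the code assumes the app setting is visible to the process as an environment variable of comma-separated thumbprints and that files are named <thumbprint>.der or <thumbprint>.p12.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class LoadedCertCheck
{
    // Directories and file extensions as quoted in the thread.
    static readonly (string Dir, string Ext)[] Locations =
        { ("/var/ssl/certs", ".der"), ("/var/ssl/private", ".p12") };

    // Returns one status line per thumbprint listed in the app setting.
    public static List<string> Check()
    {
        // Assumption: the setting is an environment variable of comma-separated thumbprints.
        var setting = Environment.GetEnvironmentVariable("WEBSITE_LOAD_CERTIFICATES") ?? "";
        var missingDirs = Locations.Where(l => !Directory.Exists(l.Dir)).Select(l => l.Dir).ToList();
        var files = Locations.Where(l => Directory.Exists(l.Dir))
            .SelectMany(l => Directory.EnumerateFiles(l.Dir, "*" + l.Ext)).ToList();
        var report = new List<string>();
        foreach (var thumbprint in setting.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries).Select(t => t.Trim()))
        {
            // Assumption: files are named <thumbprint> plus the extension.
            var path = files.FirstOrDefault(f => string.Equals(
                Path.GetFileNameWithoutExtension(f), thumbprint, StringComparison.OrdinalIgnoreCase));
            report.Add(path == null
                ? $"{thumbprint}: no file found; missing directories: [{string.Join(", ", missingDirs)}]"
                : Describe(thumbprint, path));
        }
        return report;
    }
    static string Describe(string thumbprint, string path)
    {
        try
        {
            using var cert = new X509Certificate2(File.ReadAllBytes(path));
            // The file name is only a label; compare it with the computed thumbprint.
            var matches = string.Equals(cert.Thumbprint, thumbprint, StringComparison.OrdinalIgnoreCase);
            return $"{thumbprint}: {path} subject=\"{cert.Subject}\" notAfter={cert.NotAfter:u} " +
                   $"hasPrivateKey={cert.HasPrivateKey} thumbprintMatches={matches}";
        }
        catch (Exception ex) when (ex is CryptographicException || ex is IOException)
        {
            return $"{thumbprint}: {path} could not be loaded: {ex.Message}";
        }
    }
}
```

Logging the result of `LoadedCertCheck.Check()` at startup separates "the setting never reached the process" (empty list) from "the directory was never created" and "the file exists but is not the certificate it is named after".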
