1
votes

Scenario: My Web site (hosted on web roles on Azure) should provide "admins" with an opportunity to upload a .pfx certificate to the service. This should be done through the web site - not the Azure Management Portal.

The certificate should be stored in the certificate store in all instances.

I've successfully managed to upload a certificate into the Azure Certificate store via the "Windows Azure Service Management REST API - Add Service Certificate".

Problem: I cannot find a way to place the certificate in the certificate store on all instances. This should be done without doing a Publish/Upgrade with changes in ServiceDefinition and ServiceConfiguration.

Question: Is there a way to programmatically upload and install a service certificate to all roles without doing an upgrade?

Thanks in advance!

1
Do you just need to have the certificate installed or do you also want it used for https endpoints in the role? - sharptooth
@sharptooth It's not for https - it's for client authentication in a WCF service. I'd like to access it with FindByThumbprint() - Malthe Kirkhoff Stougaard

1 Answer

0
votes

Since you don't want to attach the certificate to web role endpoints you can use the same technique as with distributing any binary files. One instance accepts the certificate file and puts it into blob storage, then somehow notifies other instances and those get the certificate file from blob storage and install the certificate. For notifying other instances you can use internal endpoints, Azure queues, a marker in blob storage - anything like that.
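The per-instance install step described in the answer above, as an added example that is not part of the original answer. It assumes the Azure.Storage.Blobs client library, a role process running elevated (needed to write to LocalMachine\My), and that the notification carries the blob name and the expected thumbprint; the class and parameter names are hypothetical.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Azure.Storage.Blobs;

// Called on every role instance once it has been notified of a new certificate.
public static class CertificateSync
{
    // container/blobName/expectedThumbprint are assumed to come from the
    // notification (queue message, internal endpoint call or marker blob).
    public static bool InstallFromBlob(string connectionString, string container,
                                       string blobName, string pfxPassword,
                                       string expectedThumbprint)
    {
        BlobClient blob = new BlobContainerClient(connectionString, container)
            .GetBlobClient(blobName);
        if (!blob.Exists().Value)
            return false; // nothing uploaded yet, caller retries later

        byte[] pfx = blob.DownloadContent().Value.Content.ToArray();

        // First pass with default flags: the private key is not persisted,
        // so a tampered or wrong blob leaves nothing behind on the instance.
        using (var probe = new X509Certificate2(pfx, pfxPassword))
        {
            if (!string.Equals(probe.Thumbprint, expectedThumbprint,
                               StringComparison.OrdinalIgnoreCase))
                throw new InvalidOperationException(
                    "Thumbprint mismatch for blob " + blobName);
        }

        // Second pass: persist the private key in the machine key set so the
        // WCF service can still use it after this process exits.
        var cert = new X509Certificate2(pfx, pfxPassword,
            X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);

        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadWrite);
        try
        {
            // Idempotent: instances may be notified more than once.
            var existing = store.Certificates.Find(
                X509FindType.FindByThumbprint, cert.Thumbprint, false);
            if (existing.Count == 0)
                store.Add(cert);
        }
        finally { store.Close(); }
        return true;
    }
}
```

New or re-imaged instances start with an empty store, so the same routine should also run at role startup against the blobs already in the container. Keep the container private and the .pfx password out of blob storage, since the blob holds the private key.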