Azure Scheduler SSL Certificate error

1
votes

I have a WCF Cloud Service running in azure which I connect to from a .NET client. This is all working nicely and I have implemented security by enabling SSL (using a self signed certificate) and using active directory authorisation.

However, I have a number of scheduled jobs using the azure scheduler and these jobs call methods in the Cloud service but I am unable to setup the scheduled jobs as HTTPS jobs. They work fine as HTTP jobs but as soon as I change it to HTTPS I get the following error:

“Http Action - Request to host '.cloudapp.net' failed: TrustFailure The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.”

I tried just accepting all certificates by adding the following code to the WCF web role’s OnStart method:

 ServicePointManager.ServerCertificateValidationCallback
            = delegate(object s, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
            {
                return true;
            };

But the callback never gets invoked

So I assume I have to somehow add client certificate authentication to the scheduler job? But I cannot work out how.

I am creating the job through the Microsoft.WindowsAzure.Management.Scheduler Api e.g:

var action = new JobAction();
action.Type = JobActionType.Https;
action.Request = new JobHttpRequest();
action.Request.Method = "POST";
action.Request.Uri = new Uri(serviceURI);
action.Request.Body = soap;

action.RetryPolicy = new RetryPolicy()
{
   RetryType = RetryType.None,
   RetryCount = null
};
action.Request.Headers = new Dictionary<string, string>()
{
     { "Content-Type", "text/xml" },
     { "SOAPAction", "\"http://tempuri.org/" + serviceInterfaceName + "/" + methodName + "\"" }
};

var result = schedulerClient.Jobs.CreateOrUpdate(jobName, new JobCreateOrUpdateParameters()
{
    action = action,
    StartTime = startTime,
    Recurrence = new JobRecurrence()
    {
        Frequency = frequency,
        Interval = interval
    }
});

and I see that in the JobAction class there is a property of the Request object called Authentication, I thought perhaps I might need to use that but I can find no documentation on how to use it?

Alternatively, I could create the schedule job through powershell or the azure portal interface if anyone can tell me how to successfully create an HTTPS schedule job through either of those methods?

Many thanks, kelly

1
wcfazuresslschedulerclient-certificates

1 Answers

0
votes

Scheduler jobs fail because it can't trust this endpoint. You need to use a trusted certificate for HTTPS calls from Scheduler.