0
votes

I have run into an issue with Azure cloud services that has me a bit stumped. I am working on a project that interacts with a 3rd party REST API which requires all requests to be signed with an SSL cert. In development or on a production VM this is a non-issue. The certificates are typically installed in the appropriate stores and then can be loaded by thumbprint, from a file on disk or from an embedded resource like this:

// Load the signing cert from an embedded resource; the password is the PFX password
// (the original snippet was missing the closing quote after it).
_certificate = new X509Certificate2(Properties.Resources.Cert,
                "password", X509KeyStorageFlags.MachineKeySet);

I am now trying to migrate a portion of the system to Azure and am having difficulty getting the certificate working. The issue, I believe, is the intermediate certificate from Symantec that is not already installed. So far I have tried writing both PowerShell and batch files (i.e. certutil), and I have written C# code to walk the certificate chain as well as to iterate over the collection of certs and perform the various imports, but none of them have allowed for a successful call with the cert.

Has anyone automated the installation and usage of a signing cert in an Azure cloud service and if so would you mind sharing the solution?


1 Answer

0
votes

What I did was get the certificate file on the Azure Cloud Service, and run a startup task (in elevated mode) to install the certificate into the machine store.

So, what you probably need to do is:

  1. Write a .cmd or PowerShell script that installs the certificate. Be sure to bundle it with your app (type = content, copy local = true).
  2. Be sure to bundle the cert with your app, OR write a PowerShell script / cmd script that downloads the certificate onto the Azure Cloud Service.
  3. Write a startup task that calls the installation script, which installs the certificate on the machine.

Information on startup tasks here: https://msdn.microsoft.com/en-us/library/azure/hh180155.aspx. NOTE: You need to run in 'elevated' mode in order to install the certificate.

<Startup>
    <Task commandLine="Startup.cmd" executionContext="elevated" taskType="simple">
    </Task>
</Startup>

Inside your Startup.cmd - for example:

certutil -addstore -enterprise -f -v root Certificates\mycert.cer

Taken from here. Again - make sure to bundle the cert in your host app, OR write a script that downloads the certificate from somewhere - before calling the certutil command.
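As an added example (not code from the question or the answer above), here is an idempotent PowerShell script that the elevated startup task could call instead of the single certutil line. It installs self-signed roots into Root, intermediates (such as the Symantec one the question mentions) into CA rather than Root, imports the signing PFX into LocalMachine\My with a persisted machine key, and then checks that the chain actually builds. It assumes the files are bundled under a Certificates\ folder next to the script and that the startup task supplies the PFX password in a hypothetical CERT_PFX_PASSWORD environment variable.

```powershell
# Added example, not code from the original question or answer: an idempotent,
# elevated startup script for an Azure Cloud Service role that installs the bundled
# chain certificates and the signing PFX into the LocalMachine stores.
# Assumptions: .cer/.pfx files are bundled under Certificates\ next to this script,
# and the startup task passes the PFX password in the hypothetical CERT_PFX_PASSWORD variable.
$ErrorActionPreference = 'Stop'
$X509 = 'System.Security.Cryptography.X509Certificates'
$certDir = Join-Path $PSScriptRoot 'Certificates'

function Import-CertIfMissing($Cert, [string]$StoreName) {
    $store = New-Object "$X509.X509Store" -ArgumentList $StoreName, 'LocalMachine'
    $store.Open('ReadWrite')
    try {
        # Startup tasks run again on every reboot and redeploy; match on thumbprint so
        # repeated runs do not pile up duplicate entries.
        $found = $store.Certificates.Find('FindByThumbprint', $Cert.Thumbprint, $false)
        if ($found.Count -eq 0) {
            $store.Add($Cert)
            Write-Output "Imported $($Cert.Subject) into LocalMachine\$StoreName"
        } else {
            Write-Output "Already present: $($Cert.Subject) (LocalMachine\$StoreName)"
        }
    } finally { $store.Close() }
}

# Chain certificates (.cer, public part only): a self-signed certificate is a root and
# goes to Root; anything else (e.g. the Symantec intermediate) belongs in CA, not Root.
Get-ChildItem -Path $certDir -Filter '*.cer' | ForEach-Object {
    $cer = New-Object "$X509.X509Certificate2" -ArgumentList $_.FullName
    $storeName = if ($cer.Subject -eq $cer.Issuer) { 'Root' } else { 'CA' }
    Import-CertIfMissing -Cert $cer -StoreName $storeName
}

# Signing certificate with private key. MachineKeySet stores the key in the machine
# profile (so the role process, not only the startup task's user, can use it) and
# PersistKeySet keeps it on disk after this process exits; without it the key is deleted.
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'MachineKeySet,PersistKeySet'
Get-ChildItem -Path $certDir -Filter '*.pfx' | ForEach-Object {
    $pfx = New-Object "$X509.X509Certificate2" -ArgumentList $_.FullName, $env:CERT_PFX_PASSWORD, $flags
    Import-CertIfMissing -Cert $pfx -StoreName 'My'

    # Sanity check: the signing cert must now chain to a trusted root through the installed
    # intermediates. Revocation is skipped because outbound network access may not be
    # available yet while startup tasks run.
    $chain = New-Object "$X509.X509Chain"
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    if (-not $chain.Build($pfx)) {
        $why = ($chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() }) -join '; '
        Write-Warning "Chain for $($pfx.Subject) is incomplete: $why"
    }
}
```

Call it from the elevated Startup.cmd (for example `powershell -ExecutionPolicy Bypass -File InstallCerts.ps1`), and if the role process runs as a non-administrator, also grant that account read access to the imported private key.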