How to reference x.509 certificates on a cloud service deployed on azure?

0
votes

I am having trouble referencing x.509 certificates once a web service is deployed on azure. The error I get is:

Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'LocalMachine', FindType 'FindByThumbprint', FindValue 'd50d00762ab0b5bfa2ccd51122360e89ff5db55e'

I have tried various StoreName and Location permutations and no success. Part of my config is as follows:

<behaviors>
      <endpointBehaviors>
        <behavior name="ClientCredentialsBehavior">
          <clientCredentials>
            <clientCertificate findValue="D50D00762AB0B5BFA2CCD51122360E89FF5DB55E"  storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindByThumbprint"/>
            <serviceCertificate>
              <defaultCertificate findValue="E194EBAAFBE5129D097795751127D21577293A87" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindByThumbprint"/>
            </serviceCertificate>
          </clientCredentials>
        </behavior>

How do I solve this error on azure. Please help me I have spent hours now trying to solve this issue. Thank you.

1
c#.netwcfazureazure-cloud-services
1) Have you uploaded the certificate in the cloud service? 2) Have you included a reference for that certificate in your csdef/cscfg file?Gaurav Mantri
Yes I have uploaded the certificate in the cloud service. No I have not included a reference for that certificate. Can you please refer me to an example. Please note that the certificates are for a service that I am consuming in my service!!!yusha uzumo
Please see this: docs.microsoft.com/en-us/azure/cloud-services/…. Give it a try. If it works, I will provide a more detailed answer to your problem. HTH.Gaurav Mantri
Your kung fu is strong! I tried your suggestion. It works like a charm.So were you making a joke about providing a more detailed answer or were you serious?yusha uzumo
Please see my detailed answer :). I hope the answer explains why you're getting this problem. Cheers!Gaurav Mantri

1 Answers

1
votes

To fix the problem you're facing, please ensure that the certificate is uploaded in the cloud service and that certificate is referenced in the cloud service configuration files (csdef/cscfg). Please see this link on how to do so: https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-configure-ssl-certificate#step-2-modify-the-service-definition-and-configuration-files.

Now comes the explanation :).

As you know, Cloud Services are the PaaS offering. Thus you would need to tell the Fabric Controller (which does the magic of creating your VM, installing your application and making all the configuration changes) that your application needs to use a certificate that is uploaded in the cloud service.

The way you tell it to the Fabric Controller is specifying the certificate details (like certificate thumbprint) in the service definition file/service configuration file. You would also tell in which certificate store on the Cloud Service VM you would want Fabric Controller to install the certificate.

Once Fabric Controller gets this information, at the time of VM creation it goes to the certificates already uploaded in the cloud service, finds matching certificate based on the thumbprint and installs that certificate in your Cloud Service VMs. Since you didn't specify this in the service definition/configuration file, the certificate was never installed on your Cloud Services VM.