I'm fetching data from a third-party company and they have given me certificates so I can access their service. When setting this up locally, it worked after installing the .cer and the .pfx into my certificate stores. However, I can't get it to work when the code runs on my Azure Web App; it results in the error:
Could not establish trust relationship for the SSL/TLS secure channel with authority
I received this particular error locally at first before giving my application pool access to the public root certificate (IIS AppPool\AppPoolName). It feels like I'm now experiencing the same error on Azure. The code definitely finds the certificates (or else an error would be thrown) but it seems it does not have access to use them.
I've followed this guide to install the certificates in my web app: https://azure.microsoft.com/en-us/blog/using-certificates-in-azure-websites-applications/
I've set the application property to import all certs:
This is the code I'm using to load the private certificate:
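    // Look in the current user's personal (My) store.
    var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly);
    // validOnly is false, so the certificate is returned even if its chain does not validate.
    var certs = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
    // The result collection stays usable after the store is closed, so close it before any throw.
    store.Close();
    if (certs == null || certs.Count == 0)
    {
        ExceptionUtils.ThrowDataError("Private certificate could not be found");
    }
    return certs[0];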
I've also tried adding the .pfx to the App_Data folder and loading it like this:
    var certPath = HttpContext.Current.Server.MapPath("~/App_Data/cert.pfx");
    var bankIdCert = new X509Certificate2(certPath, "password");
But it results in the same error. Maybe that means that it is not given access to the public certificate? The only difference right now between the working local version and the Azure version is:
- Locally, public cert is in store LocalMachine location Root and private in store LocalMachine location My
- On Azure when uploading, both certs go to CurrentUser\My
Do some certificates need to be on LocalMachine in order to work?
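
Added example, not part of the original post: a server-certificate validation callback that trusts only chains ending in the provider's public root, without that root being installed in LocalMachine\Root. It assumes the error comes from the server's chain ending in that root; `PinnedRootValidator`, `For` and `rootCer` are hypothetical names, and `rootCer` is the supplied .cer loaded from a file or from CurrentUser\My.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class PinnedRootValidator
{
    // Assumption: rootCer is the provider's public root certificate (the .cer).
    public static RemoteCertificateValidationCallback For(X509Certificate2 rootCer)
    {
        return (sender, cert, chain, errors) =>
        {
            // Chain already trusted by the machine's own root store.
            if (errors == SslPolicyErrors.None) return true;

            // A missing certificate or a host name mismatch is never accepted;
            // only a chain-trust failure is re-examined below.
            if (cert == null || errors != SslPolicyErrors.RemoteCertificateChainErrors)
                return false;

            using (var custom = new X509Chain())
            {
                // Offer the supplied root and any intermediates the server sent.
                custom.ChainPolicy.ExtraStore.Add(rootCer);
                if (chain != null)
                    foreach (X509ChainElement e in chain.ChainElements)
                        custom.ChainPolicy.ExtraStore.Add(e.Certificate);

                // Assumption: the private CA's revocation endpoints are not reachable.
                custom.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
                custom.ChainPolicy.VerificationFlags =
                    X509VerificationFlags.AllowUnknownCertificateAuthority;

                // Expiry, signatures and usage are still checked by Build.
                if (!custom.Build(new X509Certificate2(cert))) return false;

                // AllowUnknownCertificateAuthority accepts any root, so require
                // that the chain ends in exactly the supplied root.
                var top = custom.ChainElements[custom.ChainElements.Count - 1].Certificate;
                return top.RawData.SequenceEqual(rootCer.RawData);
            }
        };
    }
}
// Usage on an HttpWebRequest (.NET Framework 4.5+), with the .pfx as client certificate:
//   request.ServerCertificateValidationCallback = PinnedRootValidator.For(rootCer);
//   request.ClientCertificates.Add(clientCert);
```

Setting the callback on the individual request keeps the relaxed trust scoped to this one provider, whereas `ServicePointManager.ServerCertificateValidationCallback` would apply it to every outbound connection in the process.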