3

If you have a Website / Web-App on Windows Azure, then you can upload X.509 Certificates to the website's Personal certificate store for the purposes of allowing the client itself to use Client Certificates to authenticate itself when connecting to an external web-service.

However it doesn't seem you can upload your own Certification Authority root or intermediate certificates such that your Azure web-application can automatically validate the server certificates of external web-services that it itself connects to - at least there's no management GUI for this. Are there any Azure PowerShell commands for this, perhaps?

Is it possible to run .NET code that adds certificate binaries to the StoreName.CertificateAuthority (for StoreLocation.CurrentUser) store?

Dai
  • 141,631
  • 28
  • 261
  • 374
  • Did you ever found an answer? – Tomas Dolezal Dec 22 '16 at 13:29
  • @TomasDolezal No, unfortunately. I worked-around it by writing my own certificate validation function callback instead. – Dai Dec 22 '16 at 17:11
  • Possible duplicate of [How can I trust an Active Directory Root CA Certificate in an Azure Web Application?](http://stackoverflow.com/questions/33884634/how-can-i-trust-an-active-directory-root-ca-certificate-in-an-azure-web-applicat) – Zoka Jan 11 '17 at 13:06

1 Answers1

0

If I understand this correctly, I think you are trying to deal this on the webapp level, and unable to see root or intermediate stores. I think it would be more clean to deal with this on the azure level.

Referring to this article

Certificates you upload directly to the cloud service will be available to your webapp/workroles. You should be able to upload root and intermediate cert to the cloud service and declare who is root/intermediate in your app follow the instruction in step 2.

Hope this can cover your usage.

Kai Zhao
  • 995
  • 7
  • 14