0

I need an Azure Function in an App Service Plan to identify itself to an external endpoint using a client cert. I know where I can enable SSL for my Function, and I know I can manually load a cert in code, but I don't see where I can provide a cert for that external auth and associate it through the portal with the Function or the Plan.

andrewbadera
  • 1,372
  • 9
  • 19
  • There are lots of article on how upload a cert to an app service plan. You may also consider putting your certificate into an Azure Keyvault – Thomas Feb 15 '18 at 23:34
  • It should be the same as with a 'normal' application. What is it you are struggling with, maybe provide some more details on what you are creating. – Jan_V Feb 19 '18 at 10:09
  • Yes, I know it can be done. As I note in my post. But taking a series of manual steps is not "fully baked." There is, as far as I can tell, no UI around this, and for something that is pretty common, that's downright silly. I was hoping I was wrong about that, but that doesn't seem to be the case. So instead of handing off something polished to my client, it turns into handing over an instruction manual instead. Just sloppy. – andrewbadera Feb 20 '18 at 14:32
  • @Thomas I am trying the KeyVault route+MSI now, was tipped to that later in the day after asking this question, but it still means manually loading a cert inside the function. – andrewbadera Feb 20 '18 at 14:36
  • how do you deploy your azure function ? You can use an ARM template to add the cert to your key vault and reference it in your function. I guess you still have some manual step but you can run a powershell script to do it. – Thomas Feb 20 '18 at 19:14

1 Answers1

0

There are examples how to load certificate in azure function:

Runtime error loading certificate in Azure Functions

http://www.rahulpnath.com/blog/azure-key-vault-from-azure-functions-certificate-based-authentication/

https://blog.siliconvalve.com/2016/11/15/azure-functions-access-keyvault-secrets-with-a-cert-secured-service-principal/

Alexey Rodionov
  • 1,436
  • 6
  • 8
  • Having to manually create principals, having to take a dozen+ steps, is not "fully baked"/"production" in my mind. I asked for fully baked, because when I hand off to my client, I was hoping there'd be something fully productionalized, not a set of manual steps one has to take. – andrewbadera Feb 20 '18 at 14:31
  • @andrewbadera you can run a powershell scritp to execute all these steps – Thomas Feb 20 '18 at 19:14