How can I create a self-signed X.509 certificate using ASP.NET Core in Azure App Services?
I tried with pluralsight.crypto and CERTENROLLLib, but both of these are not working for me in Azure App Services.
Any suggestions?
You can place an SSL certificate order by creating a new App Service Certificate in the Azure portal. Then store the certificate in Azure Key Vault. From the same Certificate Configuration page, click the Verify button to complete the domain ownership verification process. Then you can assign the certificate to App Service by importing the App Service certificate in SSL settings. For the detailed process, you may refer to this document: https://learn.microsoft.com/en-us/azure/app-service/web-sites-purchase-ssl-web-site.
To use a certificate that is uploaded to or imported into App Service, first make it accessible to your application code. You do this with the WEBSITE_LOAD_CERTIFICATES app setting. In the SSL certificate tab, you will get all your uploaded and imported SSL certificates for the web app with their thumbprints. Copy the thumbprint of the certificate you want to use. Go to Application Settings, add an app setting called WEBSITE_LOAD_CERTIFICATES and set its value to the thumbprint of the certificate, as shown in the screenshot below.
When finished, click Save. The configured certificate is now ready to be used by your code. Once your certificate is accessible, you access it in C# code by the certificate thumbprint. The following code loads a certificate with the thumbprint. Below is an example:
    using System;
    using System.Security.Cryptography.X509Certificates;
    ...
    X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    certStore.Open(OpenFlags.ReadOnly);
    X509Certificate2Collection certCollection = certStore.Certificates.Find(
        X509FindType.FindByThumbprint,
        // Replace below with your certificate's thumbprint
        "E661583E8FABEF4C0BEF694CBC41C28FB81CD870",
        false);
    // Get the first cert with the thumbprint
    if (certCollection.Count > 0)
    {
        X509Certificate2 cert = certCollection[0];
        // Use certificate
        Console.WriteLine(cert.FriendlyName);
    }
    certStore.Close();
    ...
The CertificateRequest class, added in .NET Core 2.0 (and also available in .NET Framework 4.7.2), can craft self-signed certificates.
    // Namespaces this method needs
    using System;
    using System.Security.Cryptography;
    using System.Security.Cryptography.X509Certificates;

    private static X509Certificate2 MakeLocalhostCert()
    {
        using (ECDsa key = ECDsa.Create(ECCurve.NamedCurves.nistP384))
        {
            var request = new CertificateRequest(
                "CN=localhost",
                key,
                HashAlgorithmName.SHA384);
            // not a CA
            request.CertificateExtensions.Add(
                new X509BasicConstraintsExtension(false, false, 0, true));
            // Other extensions as appropriate
            DateTimeOffset now = DateTimeOffset.UtcNow;
            return request.CreateSelfSigned(now, now.AddDays(90));
        }
    }
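Added example, not part of the answer above: one way to fill in the "Other extensions as appropriate" step for a TLS server certificate, using the same CertificateRequest API. The class name, the five-minute backdating and the choice of extensions are assumptions for illustration.

```csharp
using System;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class LocalhostServerCert   // hypothetical class name
{
    public static X509Certificate2 Make()
    {
        using (ECDsa key = ECDsa.Create(ECCurve.NamedCurves.nistP384))
        {
            var request = new CertificateRequest(
                "CN=localhost", key, HashAlgorithmName.SHA384);

            // End-entity certificate, not a CA (critical).
            request.CertificateExtensions.Add(
                new X509BasicConstraintsExtension(false, false, 0, true));
            // The key may only be used for signing (critical).
            request.CertificateExtensions.Add(
                new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));
            // Restrict use to TLS server authentication (id-kp-serverAuth).
            request.CertificateExtensions.Add(
                new X509EnhancedKeyUsageExtension(
                    new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, false));
            // Current clients match the host name against the SAN, not the CN.
            var san = new SubjectAlternativeNameBuilder();
            san.AddDnsName("localhost");
            san.AddIpAddress(IPAddress.Loopback);
            san.AddIpAddress(IPAddress.IPv6Loopback);
            request.CertificateExtensions.Add(san.Build());
            request.CertificateExtensions.Add(
                new X509SubjectKeyIdentifierExtension(request.PublicKey, false));

            // Assumption: backdate five minutes to tolerate clock skew.
            DateTimeOffset now = DateTimeOffset.UtcNow;
            return request.CreateSelfSigned(now.AddMinutes(-5), now.AddDays(90));
        }
    }

    public static void Main()
    {
        using (X509Certificate2 cert = Make())
        {
            Console.WriteLine($"{cert.Subject} {cert.Thumbprint} key={cert.HasPrivateKey}");
            foreach (X509Extension ext in cert.Extensions)
                Console.WriteLine($"{ext.Oid.Value} critical={ext.Critical}");
        }
    }
}
```

A self-signed certificate is not chained to any trusted root, so a client only accepts it if that exact certificate (for example, by thumbprint) has been explicitly trusted on the client side.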