问题
I have an Azure Website instance that needs to connect out to a WCF service running elsewhere that is secured using a client certificate.
Client -> Azure Website (MVC Controller) -> WCF Service (Not Azure) that requires Client Certificate
I have been supplied a CER file that when installed locally allows my website to connect to the WCF service. How do I install/make available this certificate available on the Azure Website?
All the documentation I've found when researching this is all about securing a WCF service when running in Azure, and requires the installation of PFX files with passwords. I'm trying to do the opposite and connect outbound from an Azure Website to a third party WCF service.
回答1:
From: https://azure.microsoft.com/en-us/blog/using-certificates-in-azure-websites-applications/
Add the following Application Setting:
- App Setting name:
WEBSITE_LOAD_CERTIFICATES - Value:
*or{CERT_THUMBPRINT}
You can then grab the certificate from My store:
X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certCollection = certStore.Certificates.Find(
X509FindType.FindByThumbprint,
// Replace below with yourcert's thumbprint
"E661583E8FABEF4C0BEF694CBC41C28FB81CD870”,
false);
Now, i don't think you'll be able to upload a .cer..pfx seems to be the only accepted format in App Service.
Or just load it from the disk if there's no private key to worry about.
This lets you load .cer as well (DER works, probably Base64 too):
// The path to the certificate.
string Certificate = @"d:\home\site\cert.cer";
// Load the certificate into an X509Certificate object.
X509Certificate cert = X509Certificate.CreateFromCertFile(Certificate);
// Print to console
string result = cert.ToString(true);
Console.WriteLine(result);
Works just fine in App Service (here it is running in the Kudu console):
来源:https://stackoverflow.com/questions/41065150/use-client-certificate-from-azure-website-instance