We have an Azure web app which needs to call an internal web service via a VPN.
We have configured everything but because the web service on our non-production internal servers uses a self-signed certificate, the call is failing:
The remote certificate is invalid according to the validation procedure.
Locally we can import the .cer into Trusted People.
How can this be achieved on Azure?
You cannot import a .cer file to Azure Web App servers. If you can modify your code, you may implement a workaround, creating your own certificate validation. An example:
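    // Requires: using System.Linq; using System.Net; using System.Net.Security;
    //           using System.Security.Cryptography.X509Certificates;

    // Load the expected certificate once, at startup, while Server is available
    // (the callback itself runs outside any request context).
    var myGoodCert = X509Certificate.CreateFromCertFile(Server.MapPath("~/path/to/mycert.cer"));

    // Register once: this callback is process-wide and applies to every outbound HTTPS call.
    ServicePointManager.ServerCertificateValidationCallback += (
        object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors) =>
    {
        if (sslPolicyErrors == SslPolicyErrors.None)
        {
            return true; // normal validation succeeded
        }
        else
        {
            // Compare the full encoded certificate. X509Certificate.Equals only
            // compares issuer and serial number, which another certificate can copy.
            return certificate != null
                && myGoodCert.GetRawCertData().SequenceEqual(certificate.GetRawCertData());
        }
    };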
Remember to deploy the .cer file with your web app files or place it somewhere accessible from your web app (Azure Blob Storage, blob on SQL, etc.).
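
A narrower variant of the workaround above, as an added example that is not part of the original answer: the pin is a SHA-256 hash of the whole certificate, it is honoured for one host only, and it is attached to a single `HttpClientHandler` instead of the process-wide `ServicePointManager`. The host name `svc.internal.example`, the class and method names, and the in-memory self-signed certificates are constructed for illustration; `CertificateRequest` assumes .NET Framework 4.7.2+ or .NET Core 2.0+.

```csharp
using System;
using System.Linq;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedValidation
{
    static byte[] Sha256(byte[] data) { using (var sha = SHA256.Create()) return sha.ComputeHash(data); }

    // Accept a failed chain only for one host and only for the exact pinned certificate.
    public static Func<HttpRequestMessage, X509Certificate2, X509Chain, SslPolicyErrors, bool>
        For(string pinnedHost, byte[] pinnedSha256) => (request, cert, chain, errors) =>
    {
        if (errors == SslPolicyErrors.None) return true;           // normal validation passed
        if (cert == null || request?.RequestUri == null) return false;
        if (!string.Equals(request.RequestUri.Host, pinnedHost, StringComparison.OrdinalIgnoreCase))
            return false;                                          // the pin covers one host only
        return Sha256(cert.RawData).SequenceEqual(pinnedSha256);   // hash of the full DER encoding
    };

    // Constructed self-signed certificate standing in for the internal service's certificate.
    static X509Certificate2 SelfSigned(string cn)
    {
        using (var key = RSA.Create(2048))
            return new CertificateRequest("CN=" + cn, key, HashAlgorithmName.SHA256,
                RSASignaturePadding.Pkcs1).CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
    }

    static void Main()
    {
        var good = SelfSigned("svc.internal.example");
        var lookalike = SelfSigned("svc.internal.example");        // same subject, different key
        var validate = For("svc.internal.example", Sha256(good.RawData));

        var toService = new HttpRequestMessage(HttpMethod.Get, "https://svc.internal.example/api");
        var toOther = new HttpRequestMessage(HttpMethod.Get, "https://other.example/");
        const SslPolicyErrors untrusted = SslPolicyErrors.RemoteCertificateChainErrors;

        Console.WriteLine("pinned cert, pinned host: " + validate(toService, good, null, untrusted));
        Console.WriteLine("lookalike cert:           " + validate(toService, lookalike, null, untrusted));
        Console.WriteLine("pinned cert, other host:  " + validate(toOther, good, null, untrusted));

        // Scoped to this handler; other outbound HTTPS calls keep default validation.
        var handler = new HttpClientHandler { ServerCertificateCustomValidationCallback = validate };
        using (var client = new HttpClient(handler)) { /* call the internal service with this client */ }
    }
}
```

In a real deployment the pinned hash would be computed from the deployed .cer file rather than from a certificate generated at runtime.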