
How to install third party server's ssl certificate in Azure Trusted Root Store for WebApp?


I have hosted a Mosquitto broker (MQTT server) on an Azure VM. I am trying to connect to the MQTT broker through an Azure WebJob. When I connect to the broker from my local machine using a self-signed server certificate (SSL/TLS connection) it works fine, but when I host the same application on Azure App Service it gives the error: "Invalid remote certificate according to certificate validation procedure". I have installed the same PFX certificate file in the Azure portal, but I am still getting the same error. How can I install a third-party server's SSL certificate in the Azure Trusted Root Store so that the certificate can be validated through the Trusted Root Store?


Solution

  • As far as I know, we don't have permission to install a third-party server's SSL certificate in the Azure Trusted Root Store for a Web App.

    We can only load the third-party server's certificate from the current user's store.

    If the server supports using the personal store's SSL certificate to connect, I suggest you try to set it in the Azure portal.

    For more details about how to load the certificate in the Azure web app, refer to the steps below:

    1. Upload the certificate.

    2. Copy the thumbprint.

    3. Add the thumbprint to the app settings so that the certificate is loaded when the web site is running.

    4. Add code to the WebJobs function to load the certificate:

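        // Requires: using System.Security.Cryptography.X509Certificates;
        // Certificates uploaded to the web app are read from the CurrentUser\My store.
        X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        certStore.Open(OpenFlags.ReadOnly);
        try
        {
            X509Certificate2Collection certCollection = certStore.Certificates.Find(
                X509FindType.FindByThumbprint,
                "",     // the thumbprint copied in step 2
                false); // validOnly: false, so a self-signed certificate is still returned
            // Get the first cert with the thumbprint
            if (certCollection.Count > 0)
            {
                X509Certificate2 cert = certCollection[0];
                // Use certificate
                log.WriteLine(cert.FriendlyName);
            }
        }
        finally
        {
            certStore.Close(); // release the store handle
        }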
    

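Added example, not part of the original answer: one way to use the certificate loaded from `CurrentUser\My` is to pin it in the TLS validation callback, so the self-signed broker certificate is accepted without touching the Trusted Root Store and without disabling validation. The class name, the `BROKER_CERT_THUMBPRINT` app setting and the `Connect` helper are assumptions made for this sketch.

```csharp
using System;
using System.Linq;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;

static class BrokerCertPinning
{
    // Load the uploaded certificate from CurrentUser\My by thumbprint.
    // "BROKER_CERT_THUMBPRINT" is a hypothetical app setting name, not from the page.
    public static X509Certificate2 LoadPinned()
    {
        string thumbprint = Environment.GetEnvironmentVariable("BROKER_CERT_THUMBPRINT");
        if (string.IsNullOrWhiteSpace(thumbprint))
            throw new InvalidOperationException("Thumbprint app setting is missing.");
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false, because a self-signed certificate has no trusted chain.
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint.Trim(), false);
            if (found.Count == 0)
                throw new InvalidOperationException("Certificate not found in CurrentUser\\My.");
            return found[0];
        }
    }

    // Build a validation callback that accepts only the pinned certificate.
    public static RemoteCertificateValidationCallback For(X509Certificate2 pinned)
    {
        return (sender, presented, chain, errors) =>
        {
            // Tolerate only an untrusted chain; a name mismatch or a missing certificate still fails.
            if ((errors & ~SslPolicyErrors.RemoteCertificateChainErrors) != SslPolicyErrors.None)
                return false;
            // Accept only the exact certificate that was uploaded to the web app.
            return presented != null && presented.GetRawCertData().SequenceEqual(pinned.RawData);
        };
    }

    // Constructed usage: open a TLS stream to the broker; host and port are supplied by the caller.
    public static SslStream Connect(string host, int port)
    {
        var tcp = new TcpClient(host, port);
        var tls = new SslStream(tcp.GetStream(), false, For(LoadPinned()));
        tls.AuthenticateAsClient(host); // throws AuthenticationException if the callback returns false
        return tls;
    }
}
```

The comparison uses only the certificate's public data (`RawData`) and never the private key. The host name passed to `AuthenticateAsClient` must still match the certificate's subject or SAN, since name mismatches are rejected.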