Tags: c#, asp.net-core, identityserver4, lets-encrypt, x509certificate2

Unable to use Let's encrypt certificate into Azure Web App


I just installed this plugin into my azure webapp https://github.com/shibayan/azure-appservice-letsencrypt

It works perfectly as an SSL certificate for hosting on my custom domain.


But now I need to use this certificate for signing operations in my backend (it is an IdentityServer).

So here is my code to use this certificate, located in Startup.cs:

// requires: using System.Security.Cryptography.X509Certificates;
using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
    store.Open(OpenFlags.ReadOnly);
    // look the certificate up by its thumbprint; validOnly: false so an untrusted chain does not hide it
    var col = store.Certificates.Find(X509FindType.FindByThumbprint, "mythumbprint", false);
    if (col.Count > 0)
    {
        builder.AddSigningCredential(col[0]); // the builder of identityserver
    }
    else
    {
        throw new Exception("Startup Error: Unable to find signing certificate");
    }

    // this is the line that throws (see the exception below)
    _logger.LogInformation(col[0].PublicKey.Key.KeyExchangeAlgorithm);
}

The startup works fine apart from the line where I try to access the public key:

col[0].PublicKey.Key.KeyExchangeAlgorithm

I receive this exception:

System.NotSupportedException: The certificate key algorithm is not supported. at System.Security.Cryptography.X509Certificates.PublicKey.get_Key()

Following the .NET Core documentation (https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.publickey.key?view=netframework-4.8) and the GitHub source (https://github.com/dotnet/corefx/blob/master/src/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/PublicKey.cs), only RSA and DSA are supported.

So my question is: what can I do? I tried to convert the certificate into a pfx file, but I can't find the private key of this certificate (I only have the thumbprint).


Solution

  • You do not need to use a CA-issued certificate for token signing so you can just self-issue. On Windows the following command will generate a cert with the correct properties:

    makecert -r -pe -n "CN=MyCertName" -b 01/01/2019 -e 01/01/2039 -eku 1.3.6.1.5.5.7.3.3 -sky signature -a sha256 -len 2048 -ss my -sr LocalMachine
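An added example (not the asker's or answerer's code) showing how to load the signing certificate by thumbprint without going through the legacy `PublicKey.Key` property that throws for non-RSA/DSA keys, and how to verify the private key is present before handing the certificate to IdentityServer. `SigningCertLoader`, `DescribeKey` and `LoadSigningCert` are names chosen here; the thumbprint value is a placeholder.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class SigningCertLoader
{
    // Describes the certificate's key via the algorithm-specific accessors.
    // The legacy PublicKey.Key property only handles RSA and DSA and throws
    // NotSupportedException for other key types (e.g. ECDSA certificates).
    public static string DescribeKey(X509Certificate2 cert)
    {
        using (RSA rsa = cert.GetRSAPublicKey())
        {
            if (rsa != null) return $"RSA {rsa.KeySize}-bit";
        }
        using (ECDsa ecdsa = cert.GetECDsaPublicKey())
        {
            if (ecdsa != null) return $"ECDSA {ecdsa.KeySize}-bit";
        }
        return $"unsupported key type ({cert.PublicKey.Oid.FriendlyName})";
    }

    // Loads the certificate by thumbprint from the current user's store and
    // refuses it when no private key is attached: a public-key-only entry
    // (such as an imported TLS certificate) cannot sign tokens.
    public static X509Certificate2 LoadSigningCert(string thumbprint)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            var col = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, validOnly: false);
            if (col.Count == 0)
                throw new InvalidOperationException("Startup Error: Unable to find signing certificate");

            var cert = col[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException(
                    $"Certificate {cert.Thumbprint} has no private key and cannot be used for signing");
            return cert;
        }
    }
}

// Usage in Startup.ConfigureServices (thumbprint is a placeholder):
// var cert = SigningCertLoader.LoadSigningCert("mythumbprint");
// _logger.LogInformation("Signing key: {Key}", SigningCertLoader.DescribeKey(cert));
// builder.AddSigningCredential(cert);
```

As the answer notes, a token-signing key is a separate credential from the site's TLS certificate, so the private-key check is expected to fail for the Let's Encrypt entry and pass for a self-issued signing certificate.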