azure dynamics-crm x509certificate azure-keyvault

Accessing Azure Keyvault from MS Dynamics365 CRM plugin code


From within a Dynamics365 CRM (in the cloud) plugin code base (in C#), I need to call an external web service that is secured with an X.509 certificate.

I can easily call that web service from a command line utility I created, and I can provide the certificate (loaded from a .pfx file on disk) and everything works just fine.

I have also managed to store the certificate into a newly created Azure Keyvault - but that's where I'm beginning to experience trouble.

In order to access the Azure Keyvault, I need to have some kind of an Azure AD app registration or something, and I need to add some kind of "application identity" to that app registration so that I can grant that "system identity" access permissions to the keyvault. But how do I then access the Keyvault to fetch the certificates from my Dynamics plugin code? I'm not seeing the solution for all the possible options, config settings, permissions and whatnot to consider...

Does anyone have an insight to share? Blog post with a code snippet to point to? Anything to get me a step or two closer to making this all work?

Or is there a totally different approach I could take to make those certificates available to my plugin code in a safe, secure fashion?


Solution

  1) You can store the encrypted (e.g. AES-256) PFX in base64 format in some entity as a multiline text field, and in the plugin retrieve that record, convert the base64 data to bytes and then to an X509Certificate2 object.

  2) You can store the encrypted (e.g. AES-256) PFX as a web resource and retrieve the web resource in the plugin.
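
One way to implement the decode, decrypt and load steps of option 1 (or 2), as an added example that is not part of the original answer. The class name, the blob layout (IV, then AES-256-CBC ciphertext, then an HMAC-SHA256 tag) and the two 32-byte keys are assumptions; the keys have to be kept somewhere other than the record or web resource that holds the blob, for example the plugin step's secure configuration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class ProtectedPfxLoader // hypothetical helper name
{
    // Assumed layout: IV (16) || AES-256-CBC ciphertext || HMAC-SHA256 tag (32)
    // The tag covers IV || ciphertext (encrypt-then-MAC).
    private const int IvLength = 16;
    private const int TagLength = 32;

    // base64Blob: value read from the text field or web resource.
    // pfxPassword: the PFX file's own password (may be null if none was set).
    public static X509Certificate2 Load(string base64Blob, byte[] encKey,
                                        byte[] macKey, string pfxPassword)
    {
        if (encKey == null || encKey.Length != 32)
            throw new ArgumentException("AES-256 needs a 32-byte key.", nameof(encKey));
        if (macKey == null || macKey.Length != 32)
            throw new ArgumentException("Expected a 32-byte MAC key.", nameof(macKey));

        byte[] blob = Convert.FromBase64String(base64Blob);
        int bodyLength = blob.Length - TagLength;
        if (bodyLength < IvLength + 16 || (bodyLength - IvLength) % 16 != 0)
            throw new CryptographicException("Blob has an unexpected length.");

        // Check integrity before decrypting, comparing the tag in constant time.
        using (var hmac = new HMACSHA256(macKey))
        {
            byte[] expected = hmac.ComputeHash(blob, 0, bodyLength);
            int diff = 0;
            for (int i = 0; i < TagLength; i++)
                diff |= expected[i] ^ blob[bodyLength + i];
            if (diff != 0) throw new CryptographicException("Integrity check failed.");
        }

        byte[] iv = new byte[IvLength];
        Buffer.BlockCopy(blob, 0, iv, 0, IvLength);
        using (var aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.PKCS7;
            aes.Key = encKey; aes.IV = iv;
            using (var decryptor = aes.CreateDecryptor())
            {
                byte[] pfx = decryptor.TransformFinalBlock(blob, IvLength, bodyLength - IvLength);
                try { return new X509Certificate2(pfx, pfxPassword); }
                finally { Array.Clear(pfx, 0, pfx.Length); } // wipe the plaintext PFX
            }
        }
    }
}
```

Anyone who can read both the stored blob and the keys can recover the private key, so read access to the entity or web resource and to the key location should be restricted separately.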