Tags: azure, ssl, ssl-certificate, azure-service-fabric, azure-vm-scale-set

Cannot connect to external https from Azure SF due to untrusted certificate


I have an application deployed in Azure Service Fabric. The application connects to an external web service which has an untrusted SSL certificate, and the connection fails. I solved the problem by implementing custom certificate validation logic in the "ServerCertificateCustomValidationCallback" method of HttpClient; however, this is not an ideal solution.

How do I install an external SSL certificate into the trusted store on the VMs in the VMSS, so that any app in ASF can consume external web services without additional effort?

Additional notes

  • The certificate contains no private key, so it cannot be imported into Azure Key Vault and used in an ARM template (or I didn't find a way to achieve this)
  • The certificate cannot be installed manually via RD, because that doesn't support autoscaling

Solution

  • It is possible to import a .pfx certificate without a password into Azure Key Vault. The certificate should be imported into Secrets (not into Certificates). The Azure portal says that this feature is deprecated, but it works.

    Once the certificate is in Key Vault, an ARM template can be used to deploy it onto the VMs.

    To get the .pfx certificates, I downloaded the root and intermediate certificates in the browser, then converted .cer to .pfx via a small .NET console app written by myself - check the X509Certificate class, it has all the necessary methods.
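The procedure in the answer above, written out as an added example (not the original poster's code): convert a public-only .cer to a passwordless .pfx with the .NET X509Certificate2 class, wrap it in the JSON envelope that the Azure VM/VMSS certificate mechanism documents for Key Vault secrets, upload it as a Key Vault secret with the Az.KeyVault module, and print the values to paste into the VMSS ARM template. The file path, vault name and secret name are placeholders, and the JSON envelope format is assumed from Azure's own VM-secret documentation rather than taken from the post.

```powershell
# Added example, not the original poster's code. Requires the Az.KeyVault module
# and an authenticated session (Connect-AzAccount). Paths and names are placeholders.
param(
    [string]$CerPath    = '.\external-root-ca.cer',   # assumed: root or intermediate CA downloaded from the browser
    [string]$VaultName  = 'my-sf-keyvault',           # assumed vault name
    [string]$SecretName = 'external-root-ca'          # assumed secret name
)

# 1. Load the public certificate and re-export it as PFX (PKCS#12).
#    There is no private key, so the PFX holds only the certificate, and
#    Export() without a password argument produces a passwordless PFX.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CerPath)
$pfxBytes = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx)

# 2. Wrap the base64 PFX in the JSON envelope Azure documents for VM certificate
#    secrets: { data, dataType, password }. Password is empty to match step 1.
$envelope = @{
    data     = [Convert]::ToBase64String($pfxBytes)
    dataType = 'pfx'
    password = ''
} | ConvertTo-Json -Compress
$secretValue = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($envelope))

# 3. Store it under Secrets (not Certificates), so no private key is needed.
#    The vault must be enabled for deployment before a VMSS can pull secrets from it.
Set-AzKeyVaultAccessPolicy -VaultName $VaultName -EnabledForDeployment
$secure = ConvertTo-SecureString -String $secretValue -AsPlainText -Force
$secret = Set-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName `
    -SecretValue $secure -ContentType 'application/x-pkcs12'

# 4. Values for the VMSS ARM template. Put $secret.Id in
#    virtualMachineProfile.osProfile.secrets[].vaultCertificates[].certificateUrl
#    and set certificateStore to "Root" for a root CA or "CA" for an intermediate;
#    both stores are implicitly under LocalMachine on Windows nodes.
[pscustomobject]@{
    Subject        = $cert.Subject
    Thumbprint     = $cert.Thumbprint
    CertificateUrl = $secret.Id
}

# 5. Check on any scale-set instance (run over RDP/WinRM after the deployment):
#    Get-ChildItem Cert:\LocalMachine\Root | Where-Object Thumbprint -eq '<thumbprint from step 4>'
```

Two caveats a practitioner would want: placing a third-party CA in the LocalMachine\Root store makes every process on the node trust anything that CA signs, not just the one external service, so prefer installing only the intermediate into "CA" when the root is already trusted; and because the secret is pulled at instance creation, an updated CA certificate needs a new secret version plus a VMSS model update and reimage before existing instances pick it up.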