We are building an enterprise application which is hosted on Azure App Service. The app service calls an internal inventory service to retrieve data. As part of the initial call to the inventory service, it requires us to pass the .cer certificate for the calls.
The company issues certificates and acts as a Certificate Authority.
Question: Is it possible to trust the internal company as a Certificate Authority in App Service, so that the app service trusts calls from the internal services? This will be of huge help, because the certificates issued by the internal company CA expire each year and we will need to re-upload a valid certificate each time.
Any help will be much appreciated.
Unfortunately, you cannot add a certificate to the trusted certificate authority on an Azure Web App. The security implications would be quite bad.
To use a certificate in App Service, the certificate must meet all the following requirements:
• Signed by a trusted certificate authority
• Exported as a password-protected PFX file
• Contains private key at least 2048 bits long
• Contains all intermediate certificates in the certificate chain
The links below will help you configure certificates in App Service if you are not looking to secure a custom domain with an SSL binding:
• Add a TLS/SSL certificate in Azure App Service
• Use a TLS/SSL certificate in your code in Azure App Service
But you can override the framework code for SSL verification to include your particular cert:
ServicePointManager.ServerCertificateValidationCallback
Refer to the SO post, which will help you in overriding the framework.
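
A restrictive form of the callback override mentioned in the answer above, as an added example that is not part of the original answer or of any Microsoft sample: it accepts a server certificate only when the platform already trusts it, or when the sole failure is a chain that ends in one pinned internal root CA. The class name `InternalCaTrust` and the way the root .cer is loaded are assumptions.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper: pins one internal root CA for outbound HTTPS calls.
public static class InternalCaTrust
{
    // Assumption: the caller loads the internal root's public .cer,
    // e.g. new X509Certificate2("internal-root.cer") shipped with the app.
    public static void Register(X509Certificate2 internalRoot)
    {
        // Process-wide: applies to every HttpWebRequest/WebClient call in the app.
        ServicePointManager.ServerCertificateValidationCallback =
            (sender, cert, chain, errors) => Validate(cert, errors, internalRoot);
    }

    public static bool Validate(X509Certificate cert, SslPolicyErrors errors,
                                X509Certificate2 internalRoot)
    {
        // Certificate already chains to a platform-trusted root.
        if (errors == SslPolicyErrors.None) return true;

        // A name mismatch or a missing certificate is never accepted;
        // only a pure chain-trust failure is re-examined below.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors || cert == null)
            return false;

        using (var chain = new X509Chain())
        {
            // Make the internal root available for chain building only.
            chain.ChainPolicy.ExtraStore.Add(internalRoot);
            // Tolerate "untrusted root" and nothing else (expiry etc. still fail).
            chain.ChainPolicy.VerificationFlags =
                X509VerificationFlags.AllowUnknownCertificateAuthority;
            // Assumption: the internal CRL endpoint is not reachable from
            // App Service; switch to Online if it is.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;

            if (!chain.Build(new X509Certificate2(cert))) return false;

            // The chain must terminate in exactly the pinned root, not any root.
            var root = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            return root.RawData.SequenceEqual(internalRoot.RawData);
        }
    }
}
```

Because the root CA certificate is pinned rather than the yearly leaf certificate, a renewed service certificate issued by the same root validates without redeploying anything.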