I am getting the below exception when I try to add my SSL cert from Key Vault:

    System.NotSupportedException: The server mode SSL must use a certificate with the associated private key.

I generated my SSL cert.pfx from my GoDaddy SSL cert using OpenSSL:

    openssl pkcs12 -export -out "MyCert.pfx" -inkey "myPrivateKey.pem" -in "MyPem.pem"

From there I added the .pfx to the Key Vault certificate store.
In my Program.cs I configure Kestrel because I am running in a Docker container on Linux App Service:

    .ConfigureKestrel(async (context, options) =>
    {
        var certificateClient = new CertificateClient(_uri, _azureCredential);
        KeyVaultCertificateWithPolicy certificate = await certificateClient.GetCertificateAsync(certName);
        // Cer is the CER-encoded public portion of the certificate.
        var x509Certificate = new X509Certificate2(certificate.Cer);
        options.Listen(IPAddress.Any, 443, listenOptions =>
        {
            listenOptions.UseHttps(x509Certificate);
        });
    });

What am I missing?
I first combined my cert.pem and privateKey.pem and regenerated the pfx. Then I updated how I got the cert from Azure Key Vault.

Old:

    KeyVaultCertificateWithPolicy certificate = await certificateClient.GetCertificateAsync(certName);

New:

    var certificate = await certificateClient.DownloadCertificateAsync(certName);

Now the private key is with the SSL cert.
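
The difference between the two ways of loading the certificate, as an added example that is not part of the original post: a certificate built from public CER bytes (what the `Cer` property holds) has no private key, while one loaded from PFX bytes does. It runs offline against a constructed self-signed certificate; the subject name and the `RequirePrivateKey` helper are hypothetical, and .NET 6 or later is assumed.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Constructed sample: a throwaway self-signed certificate stands in for the
// real certificate stored in Key Vault ("CN=example.test" is a placeholder).
using RSA key = RSA.Create(2048);
var request = new CertificateRequest("CN=example.test", key,
    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
using X509Certificate2 original = request.CreateSelfSigned(
    DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));

// Public certificate only, in DER form: the same kind of bytes as the Cer property.
byte[] cerBytes = original.Export(X509ContentType.Cert);
// Certificate plus private key, in PKCS#12 form (empty password for the sample).
byte[] pfxBytes = original.Export(X509ContentType.Pfx, "");

using var publicOnly = new X509Certificate2(cerBytes);
using var withKey = new X509Certificate2(pfxBytes, "");

Console.WriteLine($"from CER bytes: HasPrivateKey = {publicOnly.HasPrivateKey}");
Console.WriteLine($"from PFX bytes: HasPrivateKey = {withKey.HasPrivateKey}");

// Fail at startup with a clear message instead of on the first TLS handshake.
try
{
    RequirePrivateKey(withKey);
    Console.WriteLine("PFX-loaded certificate accepted for HTTPS.");
    RequirePrivateKey(publicOnly);
}
catch (InvalidOperationException ex)
{
    Console.WriteLine($"Rejected: {ex.Message}");
}

// Hypothetical guard to call before listenOptions.UseHttps(certificate).
static X509Certificate2 RequirePrivateKey(X509Certificate2 certificate)
{
    if (!certificate.HasPrivateKey)
    {
        throw new InvalidOperationException(
            $"Certificate {certificate.Thumbprint} has no private key; " +
            "load the PFX (certificate and key), not only the public CER bytes.");
    }
    return certificate;
}
```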