Azure: get a service certificate without defining additional configuration

My cloud service has the following configuration:

<?xml version="1.0" encoding="utf-8"?>
<ServiceConfiguration ...>
  <Role name="...">
    <ConfigurationSettings>
      <Setting name="MyCertThumbprint" value="AB687DC9F63D51AE6E9522B86B97EFD15F55EA42" />
    </ConfigurationSettings>
    <Certificates>
      <Certificate name="MyCert" thumbprint="AB687DC9F63D51AE6E9522B86B97EFD15F55EA42" thumbprintAlgorithm="sha1" />
    </Certificates>
  </Role>
</ServiceConfiguration>

      

See the redundancy?

I want to get rid of the MyCertThumbprint configuration. Is there an Azure API that gives me access to the MyCert fingerprint? Or maybe the X509Certificate2 instance itself (i.e. no need to search for it using the X509Store)?

+3




1 answer


Sure. If you know other information about the certificate, you can use any of the X509FindType enumerations using the X509Certificate2Collection.Find method. Unfortunately, the Certificates section of the ServiceConfiguration is for finding a certificate in the cloud service certificate store and installing that certificate on the virtual machines associated with the role you are deploying. The API does not have direct access to the section. So your choice is to hard-code something like the subject name of a certificate or fingerprint and hope it doesn't change, or add a parameter, as you demonstrated in your code example, that is configured on every deployment.



The ConfigurationSettings section mirrors the appSettings section in the web.config file and is used in conjunction with CloudConfigurationManager.GetSetting("settingsKey"), which looks first in the ServiceConfiguration and then in the web.config file for application settings, so that running locally in the emulator or just in IIS Express gives that same functionality. Therefore, we duplicate the settings in both ServiceConfiguration and web.config.

+2
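
The subject-name option from the answer, as an added example that is not part of the original answer or any Azure API. It assumes the role's certificate is installed in the LocalMachine\My store; the class name, method name and sample CN are hypothetical. Because FindBySubjectName is a substring match, the code re-checks the name exactly, and it prefers the newest time-valid certificate so that a renewal, which changes the thumbprint but not the subject, needs no configuration change.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

public static class ServiceCertificateLocator
{
    // Assumptions: the role's certificate is installed in LocalMachine\My, and
    // expectedCommonName (hypothetical, e.g. "myservice.example.com") is the
    // certificate's CN, hard-coded in place of the thumbprint setting.
    public static X509Certificate2 FindByCommonName(string expectedCommonName)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        try
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            DateTime now = DateTime.Now; // NotBefore/NotAfter are local time

            var candidates = store.Certificates
                // Case-insensitive substring match, so this is only a pre-filter.
                // validOnly is false: a self-signed service certificate fails
                // chain validation; the validity dates are checked below instead.
                .Find(X509FindType.FindBySubjectName, expectedCommonName, false)
                .Cast<X509Certificate2>()
                // Exact CN match, so "api.example.com" cannot be satisfied by
                // a certificate issued to "api.example.com.attacker.test".
                .Where(c => string.Equals(
                    c.GetNameInfo(X509NameType.SimpleName, false),
                    expectedCommonName, StringComparison.OrdinalIgnoreCase))
                .Where(c => c.HasPrivateKey)
                .Where(c => c.NotBefore <= now && now <= c.NotAfter)
                // During rotation both old and new certificates may be present.
                .OrderByDescending(c => c.NotAfter)
                .ToList();

            if (candidates.Count == 0)
                throw new InvalidOperationException(
                    "No usable certificate with CN '" + expectedCommonName +
                    "' in LocalMachine\\My.");
            return candidates[0];
        }
        finally
        {
            store.Close();
        }
    }
}
```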

