c# - Accessing uploaded certificates in azure web sites

Question

When I was using the web role I was just uploading the certificate in azure portal and I was able to see it .Now I have switched to the website in azure and I uploaded the certificate in the azure management portal but my code does not see it at all.

Is there some configurations we need to do or some other way to access uploaded certs in azure web sites.

This is how I am trying to access the uploaded cert .

private List<string> GetAvailableCertificatesFromStore()
{
    var list = new List<string>();
    var store = new X509Store(StoreName.My,StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadOnly);

    try
    {
        foreach (var cert in store.Certificates)
        {
            // todo: add friendly name
            list.Add(string.Format("{0}", cert.Subject));
        }
    }
    finally
    {
        store.Close();
    }

    return list;
}

Answer 1

Using certificates in an Azure WebSite works differently to how it does in a local copy of IIS or even when running a web site in debug mode from Visual Studio. In short, the website does not have access to a certificate store in the traditional sense of the term ... it is all done in memory.

Firstly, once you have uploaded your certificate through the Azure portal you need to add an appsetting (also through the portal) called WEBSITE_LOAD_CERTIFICATES and set the value for this to the thumbprint of your uploaded certificate. This can be a comma separated list of multiple thumbprints if you want, or even * to load all your uploaded certificates. I'm presuming this forces the certificates to be loaded in to memory.

To then load your certificate, you can do the following:

var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);

var certs = store.Certificates.Find(X509FindType.FindByThumbprint, YOUR_THUMBPRINT, false);

Change the 'false' to 'true' if you want to ensure the certificate is valid.

I found this information here, which explains it much better than I have: http://azure.microsoft.com/blog/2014/10/27/using-certificates-in-azure-websites-applications/