I have uploaded two certificates to the Windows Azure Portal, a server certificate and a client certificate. In Visual Studio I have configured my Azure project to have these two certificates and pointed them to the proper name and store location. My service's web.config has the following lines in it:
<serviceBehaviors>
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceCertificate findValue="certificate-thumbprint" storeLocation="CurrentUser" storeName="My" x509FindType="FindByThumbprint"/>
Which should set my serverCertificate for my service.
The problem I'm running into is that the first time I did my deployment it worked successfully. I was able to connect to the service. However, every time I have published my service again since then, I get the following error:
Found multiple X.509 certificates using the following search criteria: StoreName 'My', StoreLocation 'CurrentUser', FindType 'FindByThumbprint', FindValue 'certificatethumbprint'. Provide a more specific find value.
However, as far as I know there is actually only one certificate with this thumbprint. (I have confirmed that if I go into Azure Management, I only see one instance of my client and server certificate.)
If I delete my deployment from Azure Management and deploy again, everything works. But that is a hassle to do every time. Any suggestions on what I'm doing wrong?
When you say the server certificate and client certificate do you mean the pfx and cer files? If so, you don't need to upload the cer file. The cer file is just the public key, and the pfx is both the public and private key. If you are uploading both files that means you're uploading two copies of the public key, which might be causing the problem.
Try removing the cer file. Just a guess though... not sure why it would work the first time but not subsequent times.
Developer Security MVP | www.syfuhs.net
No, I mean two separate certificates. One for SSL and one for client-based authentication. No .cer file is involved, just the two pfx files. I have modified my public advanced settings option to disable deployment upgrades and this seems to have resolved the problem for now, but I would still prefer to figure out the overall issue. I'm not sure how to go about doing so though.
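Added example, not part of the original thread: a PowerShell check that runs the same `FindByThumbprint` search named in the error message against the `CurrentUser\My` store and lists every match, so duplicate entries can be seen directly instead of inferred from the portal. The function name `Get-CertificateMatch` and the thumbprint placeholder are assumptions; run it under the same account as the service, because `CurrentUser` is a per-account store.

```powershell
# Added example: list every certificate in a store that matches a thumbprint.
# Get-CertificateMatch is a hypothetical helper name, not part of any product.
function Get-CertificateMatch {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [string]$StoreName     = 'My',
        [string]$StoreLocation = 'CurrentUser'
    )

    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($StoreName, $StoreLocation)
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
    try {
        # $false = do not filter on validity, so expired or untrusted copies are listed too
        $found = $store.Certificates.Find(
            [System.Security.Cryptography.X509Certificates.X509FindType]::FindByThumbprint,
            $Thumbprint,
            $false)

        foreach ($cert in $found) {
            [pscustomobject]@{
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                SerialNumber  = $cert.SerialNumber
                NotAfter      = $cert.NotAfter
                HasPrivateKey = $cert.HasPrivateKey
            }
        }
    }
    finally {
        $store.Close()
    }
}

# Placeholder value: substitute the findValue from web.config.
$matches = @(Get-CertificateMatch -Thumbprint '<thumbprint-from-web.config>')

if ($matches.Count -gt 1) {
    Write-Warning ("{0} certificates match; the lookup in the error message is ambiguous." -f $matches.Count)
}
elseif ($matches.Count -eq 0) {
    Write-Warning 'No certificate matches this thumbprint in the store.'
}

$matches | Format-Table -AutoSize
```

Comparing the output immediately after a fresh deployment and again after a republish shows whether the second publish left an additional copy of the certificate in the store.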