X509Certificate2 issue in Azure WebJob

  • Question

  • We are developing an Azure WebJob that needs to communicate with several servers, each one of them demanding a separate SSL connection.

    We have our certificates stored in an external server and load them at runtime together with the corresponding SSL connection settings.

    When we invoke the X509Certificate2 constructor in order to add it to the X509CertificateCollection, the WebJob gets stopped with exit code -1073740940 and its status becomes "PendingRestart".

    Our guess is that the X509Certificate2 class is not compatible with WebJobs, but we cannot find any hint on how to tackle this issue.

    The underlined piece of code in the GetClientCertificates function seems to break the WebJob.

    private X509CertificateCollection GetClientCertificates(byte[] sslCertificateBytes)
    {
        log_?.OnEvent($"{nameof(SSLStreamFactory)} function {nameof(GetClientCertificates)} started");
        X509CertificateCollection result = new X509Certificate2Collection();
        log_?.OnEvent($"{nameof(X509CertificateCollection)} {nameof(result)} construction successfull");
        try
        {
            if (sslCertificateBytes != null)
            {
                log_?.OnEvent($"{nameof(sslCertificateBytes)} enumerable != null");
                result.Add(new X509Certificate2(sslCertificateBytes, socketSettings_.CertificatePassword));
                log_?.OnEvent($"result.Add successful");
            }
            else if (!string.IsNullOrEmpty(socketSettings_.CertificatePath))
            {
                log_?.OnEvent($"{nameof(socketSettings_.CertificatePath)} != null");
                result = new X509Certificate2Collection();
                log_?.OnEvent($"{nameof(X509CertificateCollection)} {nameof(result)} construction successfull");
                var clientCert = StreamFactory.LoadCertificate(socketSettings_.CertificatePath, socketSettings_.CertificatePassword, log_);
                log_?.OnEvent($"{nameof(StreamFactory.LoadCertificate)} function ended");
                if (clientCert != null)
                {
                    result.Add(clientCert);
                    log_?.OnEvent($"result.Add successful");
                }
            }
        }
        catch (Exception ex)
        {
            log_?.OnEvent($"{nameof(SSLStreamFactory)} function {nameof(GetClientCertificates)} raised exception: {ex.Message}");
            throw;
        }
        log_?.OnEvent($"{nameof(SSLStreamFactory)} function {nameof(GetClientCertificates)} ended");
        return result;
    }

    We had the same code in a WebAPI project and noticed it worked like a charm on IIS Express, but not when published to Azure WebApp.

    Is there a way to manage SSL certificates in Azure?


    Friday, September 2, 2016 8:26 AM