Add support for uploading .cer files for Certificates
Restricting to .pfx files for certificates makes sense in the context of TLS/SSL.
The thing is, we're using this same cert functionality for non-SSL certs that we just want to have available for the website (like pfx files for encryption or cer files for communicating with other systems that use cert based auth). With Cloud Services, whether it was an SSL cert or a non-SSL cert, pfx or cer, they were all configured the same way and made available via the cert store. With Azure websites, the response we've got is, us the SSL mechanism for pfxs and drop your cers into AppData or something, however this makes the migration from Cloud Services to Azure websites not as seamless requiring us to change code where we look up those certs...
Making this available would make it easier for customers to migrate from Cloud Services to websites.
We’re happy to share that App Service Certificates now supports public certificates (.cer)! Please find our blog post detailing the support here:
For additional support on the feature, you may ask a question on the blog post, or open a question on the developer forums through MSDN or Stack Overflow.
Thank you for the update on this request.
I was under the impression that this is possible by copying the entire base64 certificate file contents into an application setting. This is then accessible within the application?
James Estes commented
Any status on this issue.
its been several months without an update, has there been any change from this request being under review? This functionality is already built into IIS which azure web apps are based off.
Any updates on the under review status?? would like to see the ability to upload a public key to the vault for using mutual auth in a web app.
This is still under review and we will update when we have news.
Rune Synnevåg commented
Any updates here?
Sid Shetye commented
We also need this.
In fact, as of today, you can't even programatically install your own certificates (e.g. read from App_Data and Add(..) to store) to the Root or CertificateAuthority stores - even in CurrentUser store location. You get "CryptographicException: Access is denied." which is bizarre because customers are paying for the entire app VM. I'll add this as a separate item just because of the programmatic way vs portal GUI way.
If you're serious about hosting secure applications, you need to provide access to the certificate stores (for non-SSL security operations) and also support client SSL authentication.
Andreas Brglez-Hummer commented
We also need this functionality! We have to use third party certificates from issued from a private CA. This is only working if you use Cloud Apps where you can upload all certificates needed to build the chain. For me an alternative could be that all certficates from an PFX file are automatically added to the appropriate stores since you can restore the whole certificate chain from an PFX if you have chosen to export the full chain.
Matthieu Bapaume commented
We need to install .cer files to provide a chained certificate pfx file to our customer. This is a migration from a cloud service with that funtionality already in production.
This improvment would be great.