我可以在没有自定义域的情况下在Azure App Services上使用客户端证书吗? [英] Can I use Client Certificates on Azure App Services without a custom domain?
问题描述
出于测试目的,我想在Azure应用服务(运行WCF Web服务)中启用传入客户端证书"选项,并查看我的客户端应用程序是否仍然可以连接到Web服务.由于我仍处于测试阶段,因此我的应用程序服务仍然具有.azurewebsites.net域名.
For testing purposes I would like to enable the 'Incoming Client Certificates' option in my Azure App Service (running a WCF webservice), and see if my Client application can still connect to the webservice. Since I am still in a testing phase, my app service still has the .azurewebsites.net domain name.
但是,我似乎无法弄清楚如何获得服务器将接受的适当的客户端证书(无需切换到自定义域名,我知道它将起作用).
However, I can't seem to figure out how to get a proper client certificate that the server will accept (without switching to a custom domain name, which I know will work).
目前,我看到两种可能的解决方案:
Currently, I see 2 possible routes to a solution:
- 以某种方式获得由App Service服务器信任的CA签名的.cer的帮助.
- 使用我自己的自签名CA生成自签名的.pfx和.cer.在应用程序服务上导入pfx,然后在客户端上安装.cer.
到目前为止,两个方向都没有取得任何成功.有人对这个有经验么?
Both directions have not yielded any success so far. Does anyone have any experience with this?
推荐答案
根据我的理解,客户端证书由客户端系统用来向远程服务器发出经过身份验证的请求.在这种情况下,您的Web服务是处于C/S模式的远程服务器.如您所指出,验证此证书是Web应用程序的责任.因此,这意味着只要您不验证任何内容,任何证书都将有效".它不会影响您在Web应用程序服务中是否具有自定义域.
Per my understanding, the client certificate is used by client systems to make authenticated requests to a remote server. In this case, your webservice is the remote server in a C/S mode. As you point out, "validating this certificate is the responsibility of the web app. So this means that any certificate will be valid as long as you don't validate anything". It does not effect on whether you have a custom domain or not in your web app service.
If you want to use client cert authentication with Azure app, you can refer to How To Configure TLS Mutual Authentication for Web App.
这篇关于我可以在没有自定义域的情况下在Azure App Services上使用客户端证书吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
