如何信任Azure Web应用程序中的Active Directory根CA证书？ [英] How can I trust an Active Directory Root CA Certificate in an Azure Web Application?

问题描述

我有一个Azure Web角色，其SSL端点使用从我的公司Active Directory证书颁发机构获得的证书配置，以及Azure Web App需要通过SSL连接到此Web角色。由于Web App无法验证Web角色SSL证书的CA，因此连接失败。

I have an Azure Web Role with an SSL endpoint configured using a certificate obtained from my companies Active Directory Certificate Authority, and an Azure Web App that needs to connect to this Web Role over SSL. As the Web App cannot verify the CA for the Web Roles SSL cert, the connection fails.

如何从Azure Web App中信任我的CA？如果它是完整的Windows实例，则CA证书将添加到可信证书颁发机构存储中，因此如何使用Azure Web App执行此操作？

How can I trust my CA from within the Azure Web App? If it were a full Windows Instance, the CA certificate would be added to the Trusted Certificate Authority store, so how do I do this with an Azure Web App?

推荐答案

不幸的是，您无法将证书添加到Azure Web App上的受信任证书颁发机构。如果可能的话，安全隐患会非常糟糕。

Unfortunately, you cannot add a certificate to the trusted certificate authority on an Azure Web App. The security implications would be quite bad if that were possible.

但是，您可以做的是覆盖SSL验证的框架代码以包含您的特定证书（例如，在.NET中，这将是ServicePointManager.ServerCertificateValidationCallback）。此堆栈溢出问题和答案显示了如何为.NET执行此操作：如何在C＃中覆盖ServicePointManager.ServerCertificateValidationCallback时调用默认证书检查？

However, what you can do is override the framework code for SSL verification to include your particular cert (for example in .NET this would be ServicePointManager.ServerCertificateValidationCallback). This stack overflow question and answer shows how to do that for .NET: How to call the default certificate check when overriding ServicePointManager.ServerCertificateValidationCallback in C#?

这篇关于如何信任Azure Web应用程序中的Active Directory根CA证书？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！