如何让 azure 应用服务信任 OnPrem CA 颁发的证书? [英] How to make the azure app service trust the certificates issued by the OnPrem CA?

问题描述

我正在尝试在 https 协议下使用来自 Azure APP 服务的本地 Web 服务.当我这样做时，我收到了错误

I am trying to consume an onprem webservice from Azure APP service under https protocol. While I do I received the error

根据验证，远程证书无效程序

The remote certificate is invalid according to the validation procedure

这很有意义，因为默认情况下 Azure 不必信任该服务，提供由 OnPrem CA 颁发的证书.但是，有没有办法配置对应用服务的信任.

This is meaningful, as Azure by default don't have to trust the service, presenting certificate issued by the OnPrem CA. However, Is there a way to configure the trust in app service.

我尝试上传基本编码格式的公钥证书 .cer 文件，并使用以下文章中指定的应用密钥 WEBSITE_LOAD_ROOT_CERTIFICATES 更新应用设置https://docs.microsoft.com/en-us/azure/app-service/environment/certificates

I tried uploading the public key certificate .cer file in Base encoded format and updated the app setting with the app key WEBSITE_LOAD_ROOT_CERTIFICATES as specified int he below article https://docs.microsoft.com/en-us/azure/app-service/environment/certificates

它运行良好，我得到了同样的错误.我的理解是否正确/你是否是正确的方法.

It dint work well and I get he same error. Is my understanding right/ Is thee a right way to do it.

推荐答案

我错过了上传中间 CA 的公共证书，因为中间 CA 已经为本地服务颁发了证书.

I missed to upload the Intermediate CA's public certificate, as intermediate CA has issued the certificate for the on prem service.

添加后，我更改了应用密钥 WEBSITE_LOAD_ROOT_CERTIFICATES 以保存根 CA 和中间 CA 证书逗号分隔的指纹.这使通信成为可能.

After I have added, I have changed the appkey WEBSITE_LOAD_ROOT_CERTIFICATES to hold the thumbprint of both root CA's and intermediate CA's certificate comma separated. That enabled the communication.

这篇关于如何让 azure 应用服务信任 OnPrem CA 颁发的证书?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！