Entrust root CA needed in Multi Tenant App Services App in Azure

Question

I have a question regarding app services in Azure. We have a multi tenant plan App Service .NetFramework App. And we require it to have a root certificate of Entrust.

Azure tells me we can not install a Root Certificate in a multi plan app.

Following this link tells me that Entrust is not installed at the root of the Azure App Service. However Microsoft tells me Entrust is one of their trusted certificates.

How do I get around this? We know that https://ssiw.qvalent.com and https://ws.qvalent.com will have the SSL/TLS certificates replaced with Entrust certificates.

Do we have to check this in the code?

Answer 1

As per this document, it is clearly mentioned that App Service has a list of Trusted Root Certificates which you cannot modify in the multi-tenant variant version of App Service.

If the certificate on the remote service is a self-signed certificate or a private CA certificate, then it will not be trusted by the instance hosting your app and the SSL handshake will fail.

How do I get around this?

Only you can load your own CA certificate in the Trusted Root Store in an App Service Environment (ASE), for a single-tenant environment in App Service.

By using the two links provided in the above link, you can load your own CA certificate in the Trusted Root Store for a single-tenant environment in App Service only not for multi-tenant App Service plan.