IdentityServer4 loading certificates in a Linux Web App in Azure

At the moment, I have a web app that works in developer mode, but I am trying to make it work with a self-signed certificate in a Linux Web App in Azure. I have already uploaded the .pfx file to Azure and loaded it into the container by setting the WEBSITE_LOAD_CERTIFICATES application setting. At first, I tried using the store; however, this does not work in Linux.

Instead, I have already been able to find the file where it is uploaded (to a .p12 file); however, when I try to load the certificate manually, I get the error "error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure", which seems to be a problem with the password, but I have verified the password is correct multiple times.

A post here has the method of generating the self-signed keys using openssl, and shows the same issue.

Note: Loading the certificate works on both Windows and Ubuntu, just not in the Linux Web App in Azure.



Solution 1:[1]

In order to get around this, I used the certificate created through Azure with the "Create App Service Managed Certificate" option. The password supplied when loading the certificate is just an empty string ("").

Solution 2:[2]

For me, the solution for an IdentityServer4 hosted on Linux in Azure was in this GitHub issue: https://github.com/IdentityServer/IdentityServer4/issues/4000

The method AddApiAuthorization() overwrites the AddSigningCredential()!

Furthermore, you have to specify the IssuerUri:

    // Set the issuer explicitly to the public URL of the Azure Web App.
    services.AddIdentityServer(options =>
    {
        options.IssuerUri = "https://your.azurewebsites.net/";
    });
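
A sketch of the loading path the two answers describe, as an added example that is not part of the original question or answers: it reads the .p12 file inside the Linux container, uses the empty password from Solution 1, and checks the certificate before handing it to IdentityServer4. The class and method names, the `thumbprint` parameter and the `/var/ssl/private/<thumbprint>.p12` location are assumptions, not taken from the page.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.DependencyInjection;

public static class SigningCertificateSetup // hypothetical helper class
{
    // Assumption: private certificates listed in WEBSITE_LOAD_CERTIFICATES
    // appear in the Linux container as /var/ssl/private/<thumbprint>.p12.
    private const string PrivateCertDir = "/var/ssl/private";

    public static X509Certificate2 Load(string thumbprint)
    {
        string path = Path.Combine(PrivateCertDir, thumbprint + ".p12");
        if (!File.Exists(path))
            throw new FileNotFoundException(
                "Certificate file not found; check WEBSITE_LOAD_CERTIFICATES.", path);

        // Empty password, as reported in Solution 1. Supplying the original
        // .pfx password here is what yields "mac verify failure" in the question.
        var cert = new X509Certificate2(File.ReadAllBytes(path), string.Empty);

        // Fail at startup rather than at the first token request.
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("Certificate has no private key; it cannot sign tokens.");
        if (!string.Equals(cert.Thumbprint, thumbprint, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("Loaded certificate does not match the expected thumbprint.");
        DateTime now = DateTime.Now; // NotBefore and NotAfter are local time
        if (now < cert.NotBefore || now > cert.NotAfter)
            throw new InvalidOperationException("Certificate is outside its validity period.");
        return cert;
    }

    public static IIdentityServerBuilder AddIdentityServerWithCertificate(
        this IServiceCollection services, string thumbprint, string issuerUri)
    {
        // Solution 2 reports that AddApiAuthorization() overwrites
        // AddSigningCredential(). If the app calls AddApiAuthorization(),
        // compare the key published at /.well-known/openid-configuration/jwks
        // with this certificate to confirm which key is really in use.
        return services
            .AddIdentityServer(options => { options.IssuerUri = issuerUri; })
            .AddSigningCredential(Load(thumbprint));
    }
}
```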

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution | Source
Solution 1 | Jamie Mair
Solution 2 | Flow