Question
We have an Azure web app which needs to call an internal web service via a VPN.
We have configured everything but because the web service on our non-production internal servers uses a self-signed certificate, the call is failing:
The remote certificate is invalid according to the validation procedure.
Locally we can import the .cer into Trusted People.
How can this be achieved on Azure?
Answer 1:
You cannot import a .cer file to Azure Web App servers. If you can modify your code, you may implement a workaround, creating your own certificate validation. An example:
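    using System.Net;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;

    ServicePointManager.ServerCertificateValidationCallback += (
        object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors) =>
    {
        if (sslPolicyErrors == SslPolicyErrors.None)
        {
            // The certificate passed normal validation.
            return true;
        }
        else
        {
            // Fall back to comparing against the certificate deployed with the app.
            var myGoodCert = X509Certificate.CreateFromCertFile(Server.MapPath("~/path/to/mycert.cer"));
            return myGoodCert.Equals(certificate); // compares issuer and serial number
        }
    };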
Remember to deploy the .cer file with your web app files or place it somewhere accessible from your web app (Azure Blob Storage, blob on SQL, etc.).
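
An added example, not part of the original answer: a stricter form of the same callback that pins the SHA-256 digest of the whole certificate instead of issuer and serial number, and relaxes validation for one host only. The class name `PinnedCertificate`, its methods, and the `pinnedHost` and `cerPath` parameters are hypothetical names chosen for this sketch, which assumes .NET Framework and requests made through `HttpWebRequest`.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedCertificate
{
    // Call once at startup. The callback is process-wide, and assigning it
    // replaces any handler that was registered earlier.
    public static void Register(string pinnedHost, string cerPath)
    {
        // Load the expected certificate once and keep only its digest.
        byte[] pinnedHash = Sha256(new X509Certificate2(cerPath).RawData);

        ServicePointManager.ServerCertificateValidationCallback =
            (sender, certificate, chain, sslPolicyErrors) =>
                Validate(sender, certificate, sslPolicyErrors, pinnedHost, pinnedHash);
    }

    public static bool Validate(object sender, X509Certificate certificate,
        SslPolicyErrors errors, string pinnedHost, byte[] pinnedHash)
    {
        // Certificates that pass normal validation are accepted as usual.
        if (errors == SslPolicyErrors.None) return true;
        if (certificate == null) return false;

        // Only relax validation for the one internal host.
        var request = sender as HttpWebRequest;
        if (request == null ||
            !string.Equals(request.Address.Host, pinnedHost, StringComparison.OrdinalIgnoreCase))
            return false;

        // Compare the full encoded certificate. Issuer and serial number alone
        // can be copied into a different self-signed certificate.
        return Sha256(certificate.GetRawCertData()).SequenceEqual(pinnedHash);
    }

    private static byte[] Sha256(byte[] data)
    {
        using (var sha = SHA256.Create()) return sha.ComputeHash(data);
    }
}
```

When the internal service's certificate is renewed, the deployed .cer file has to be replaced with the new one, because the digest changes with it.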
Source: https://stackoverflow.com/questions/34203261/azure-web-app-calling-on-prem-service-with-self-signed-ssl-cert