Windows Azure Storage Certificate Expired

≯℡__Kan透↙ 提交于 2019-11-28 22:19:14
dr. foot fist headknocker

As a temporary measure I was able to log into the azure portal and change the protocol part of the connection string from https to http.

Two more possible solutions if you can RDP into your roles.

  1. Change the configuration manually in the c:\Config directory.
  2. Build a DLL that's patched to work around the problem, and manually upload it via RDP. The workaround could be hardcoded connection strings, or put in code to accept expired certs. For example: ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };

(Hat tips to AlexNS on MSDN forums for idea #2 and to Jason Vallery for the cert validation callback code)

As noted in the comments, disabling HTTPS and/or ignoring certificate validation errors can compromise the security of your communications. So think hard before you do this, and change it back as soon as Microsoft fixes this problem.

We were able to dodge most of this in the first place through explicit use of HTTP endpoints for storage (we don't store anything too sensitive there).

In case you're in a similar situation and can do with HTTP endpoints, there is a workaround that allows you to upgrade your roles permanently. It involves Azure Powershell deployments with local packages and seems to work even when upgrades via the both portals continue to fail.

Just as a note - if you switch to http from https then the transfer mechanism no longer makes sure the data is transferred correctly, and you may need to check the MD5 of the blob.

StorageClient < 2.0 manages this sometimes with uploads, but reading this article, never from downloads.

For StorageClient 2.0, you may need to change the BlobRequestOptions to UseTransactionalMD5 (as detailed here)

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!