question

VincentVoorheijen-7935 avatar image
0 Votes"
VincentVoorheijen-7935 asked ·

Error message occurs when trying to upload pfx certificate to App Service

Hello,

We have an App Service running containing a Wordpress instance.
I need to update the wildcard SSL certificate as it is about to run out.
From my Cert authority I have received pfx files, both with and without intermediate ca inside.

When trying to import it as a Private certificate I receive the following error:

46594-image.png



I cannot find any additional information.
Have tried to change the pfx password to a more simple password but to no avail.

What can be the cause of this?

azure-webapps-ssl-certificates
image.png (32.0 KiB)
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SnehaAgrawal-MSFT avatar image
0 Votes"
SnehaAgrawal-MSFT answered ·

Update: The issue here was due to Insufficient rights which caused the useless error message. After granting the correct rights the problem was resolved.

· 2 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I'm currently experiencing the same issue, which rights were needed to give a solution to this?

0 Votes 0 ·
SnehaAgrawal-MSFT avatar image SnehaAgrawal-MSFT DionysSalvadorArismendy-1026 ·

Thanks this means you should be having admin rights on subscription to to upload pfx cert.
You may refer to below link might be helpful:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

1 Vote 1 ·
VincentVoorheijen-7935 avatar image
0 Votes"
VincentVoorheijen-7935 answered ·

App Service Plan is B1, which should allow for SSL Certificates. Also, the old currently installed certificates are properly binded and working.

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SnehaAgrawal-MSFT avatar image
0 Votes"
SnehaAgrawal-MSFT answered ·

Thanks for asking question! You may want to know that if you choose to upload or import a private certificate to App Service, your certificate must meet the following requirements:

• Exported as a password-protected PFX file
• Contains private key at least 2048 bits long
• Contains all intermediate certificates in the certificate chain

Reference: https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate#private-certificate-requirements

Also, suggest you to access App Service diagnostics ; App Service diagnostics is an intelligent and interactive experience to help you troubleshoot your app with no configuration required.

Navigate to your App Service web app in the Azure portal. In the left navigation, click on Diagnose and solve problems > click on SSL and Domains > select certificate upload operation

46648-inkeddemo-li.jpg



You may also refer to this blog on Common errors when uploading certificates to Azure App Service might be helpful.

Let us know if you have further question on this.

Disclaimer: This response contains a reference to a third-party World Wide Web site. Microsoft is providing this information as a convenience to you



inkeddemo-li.jpg (888.6 KiB)
·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

VincentVoorheijen-7935 avatar image
0 Votes"
VincentVoorheijen-7935 answered ·

Hello,

The certificate meets the requirements. This was checked with the Cert. Authority.
Also tried to upload an older certificate which is in use at other App Services, fails with the same error: Upload for private certificate failed. Check the notification error for more details which leads me to believe the issue is on the Azure side.

The password for the pfx must be correct. When changing the password the error changes telling me the password is incorrect.

App Service Diagnostics shows no errors (No uploads either for that matter, which seems strange to me as I have tried it 4 times also with different certificates):
46892-image.png

After checking in the Resource Explorer there is no conflicting information which could keep this certificate from importing. All information in there is from current / older certificates.

What I do find strange is that an installed certificate (Old certificate) shows a different Certification path:
46866-image.png than on my computer while having the same Thumbprint:
46845-image.png


image.png (51.5 KiB)
image.png (6.0 KiB)
image.png (4.4 KiB)
· 1 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for the clarification. Could you please send an email to AzCommunity[at]Microsoft[dot]com referencing this issue, we would like to work closer with you on this matter.

0 Votes 0 ·
VincentVoorheijen-7935 avatar image
0 Votes"
VincentVoorheijen-7935 answered ·

Sent the requested E-mail, will update this post when we have the solution.

· 3 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

We are experiencing the same problem. Did you have this issue solved?

0 Votes 0 ·

This issue was due to Insufficient rights which caused the useless error message. After granting the correct rights the problem was resolved.

0 Votes 0 ·

Thanks for your reply, but I am an administrator already. I have all rights needed. Is another reason possible for my problem?

0 Votes 0 ·
VincentVoorheijen-7935 avatar image
0 Votes"
VincentVoorheijen-7935 answered ·

There are separate locations where you can be assigned Admin Priviliges.
In my case at first I was missing the Global Admin role in our Tennant.
Another time I did not have Admin priviliges on the subscription I was trying to upload the certificate to.

That's is all the advice I have for you.
Otherwise you might need to open a ticket with MS for troubleshooting.

Good luck with the issue.

· 1 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for your response. I will look into it again and eventually contact MS.

0 Votes 0 ·