question

VD-7794 asked

Always Encrypted Certificate import in Azure App Service

Hi Team,

I am using the Always Encrypted concept for one of the columns in a table in a SQL database. Locally I have created a CMK using a local certificate and a CEK. It works fine on my local machine. Now I want to upload this certificate to Azure App Service. I have exported the certificate locally and am uploading it to the App Service from the TLS/SSL Certificate section. But it gets stuck at the 'Validating' phase. No error is displayed and the certificate does not get uploaded.

Is there anything that needs to be provided?

azure-sql-database azure-webapps-ssl-certificates azure-webapps-security

Just checking in to see if you have had a chance to see the response below. Let us know if you have any queries on this.

1 Answer

SnehaAgrawal-MSFT answered

Thanks for asking the question! If you are looking to upload or import a private certificate to App Service, your certificate must meet the following requirements:

• Exported as a password-protected PFX file
• Contains a private key at least 2048 bits long
• Contains all intermediate certificates in the certificate chain

Reference: https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate#private-certificate-requirements

Also note that you should have admin rights on the subscription to upload a PFX cert.

Check: https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

Also, I suggest you access App Service diagnostics; App Service diagnostics is an intelligent and interactive experience to help you troubleshoot your app with no configuration required.

Navigate to your App Service web app in the Azure portal. In the left navigation, click on Diagnose and solve problems > click on SSL and Domains > select certificate upload operation.

You may also refer to this blog on Common errors when uploading certificates to Azure App Service; it might be helpful.

Please let us know if you have any further questions on this.

Disclaimer: This response contains a reference to a third-party World Wide Web site. Microsoft is providing this information as a convenience to you
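
A local pre-upload check for the three requirements listed in the answer above, as an added example that is not part of the original thread or of Microsoft's tooling. `Test-AppServicePfx` is a hypothetical helper name; it assumes PowerShell on Windows with .NET Framework 4.7.2 or later (for `EphemeralKeySet`) and an RSA key.

```powershell
using namespace System.Security.Cryptography.X509Certificates
# Added example: Test-AppServicePfx is a hypothetical helper, not an Azure cmdlet.
function Test-AppServicePfx {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][securestring]$Password
    )
    $ErrorActionPreference = 'Stop'                   # a wrong password aborts the check
    $file  = (Resolve-Path -LiteralPath $Path).ProviderPath
    $flags = [X509KeyStorageFlags]::EphemeralKeySet   # keep the key out of on-disk key containers

    # Requirement 1: password-protected. If an empty password opens the file, it is not.
    $protected = $true
    try {
        [X509Certificate2Collection]::new().Import($file, '', $flags)
        $protected = $false
    } catch { }

    $plain = [System.Net.NetworkCredential]::new('', $Password).Password
    $certs = [X509Certificate2Collection]::new()
    $certs.Import($file, $plain, $flags)

    # Requirement 2: the leaf is the certificate that carries the private key.
    $leaf = $certs | Where-Object HasPrivateKey | Select-Object -First 1
    if (-not $leaf) { throw "No certificate with a private key in $file" }
    $rsa  = [RSACertificateExtensions]::GetRSAPublicKey($leaf)
    $bits = if ($rsa) { $rsa.KeySize } else { 0 }     # 0 means the key is not RSA

    # Requirement 3: every intermediate in the built chain must be inside the PFX.
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
    [void]$chain.ChainPolicy.ExtraStore.AddRange($certs)
    [void]$chain.Build($leaf)
    $inPfx   = @($certs | ForEach-Object Thumbprint)
    $missing = @($chain.ChainElements | ForEach-Object Certificate |
        Where-Object { $_.Thumbprint -ne $leaf.Thumbprint -and
                       $_.Subject -ne $_.Issuer -and  # skip self-signed roots
                       $_.Thumbprint -notin $inPfx } |
        ForEach-Object Subject)
    $partial = [bool]($chain.ChainStatus | Where-Object Status -eq 'PartialChain')

    [pscustomobject]@{
        PasswordProtected    = $protected
        KeyBits              = $bits
        KeyAtLeast2048       = ($bits -ge 2048)
        MissingIntermediates = $missing               # subjects found locally but not in the PFX
        ChainIncomplete      = $partial               # an issuer could not be found at all
    }
}
```

Call it with the export password read via `Read-Host -AsSecureString`. A self-signed certificate has no intermediates, so `MissingIntermediates` is empty for it.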

Thanks @SnehaAgrawal-MSFT. I want to confirm if the MSSQL Provider certificate is supported in App Service deployed on Linux? I am getting an error saying it's not supported on this platform.

Thanks for the reply! Could you confirm which image you are using? It may not have the underlying services to support MSSQL. You may need to make a custom image.

Please refer to "linux - MSSQL_CERTIFICATE_STORE Operation is not supported on this platform"; it might be helpful here.

VD-7794 replied

@SnehaAgrawal-MSFT I am using a Linux container to deploy the app service.