question

Thanks for asking question! Just to confirm how have you configured? As WEBSITE_LOAD_CERTIFICATES has to be added via the Application settings in the portal (does not work if you add it in your Web.config)

Current user certificate store is local to a user account on the computer and is in the registry under the HKEY_CURRENT_USER root. Also, all current user certificate stores except the Current User/Personal store inherit the contents of the local machine certificate stores. Similar thread here might be helpful

Reference : https://docs.microsoft.com/en-us/windows-hardware/drivers/install/local-machine-and-current-user-certificate-stores

Hi and thanks for your reply.

To answer your first question: We configured "WEBSITE_LOAD_CERTIFICATES" via application settings in the portal. Also the private key certificate we want to access in the code is included via the "TLS/SSL settings" in the portal. We copied the thumbprint from the "TLS/SSL settings" in the portal and ensured, it has no invisible characters or anything else. We also have a custom domain binding, using this certificate and the website loads perfectly with this certificate.

When i access the Kudu-Tools of the app service and go to "Debug console" (on the top) -> "PowerShell" i can perform a cd cert:\CurrentUser\My and a ls and the certificate thumbprint which i entered in "WEBSITE_LOAD_CERTIFICATES" is listed there.

In our code we access the certificate as follows:

using (var certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser)) { certStore.Open(OpenFlags.ReadOnly); var certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false); if (certCollection.Count > 0) { return certCollection[0]; } } throw new Exception($"Unable to load certificate by thumbprint '{thumbprint}'");

We do the exact same thing on our production environment, just with another certificate and of course another thumbprint.

Thank you