I want to secure my API with a PFX cert which I have stored in my Key Vault and want to secure my API with it; however, for some reason this doesn't seem to work the way I expect.
If I have the cert installed on my machine it works perfectly. I was wondering if it's possible to store the cert in Key Vault and then secure my API with it, as opposed to looking it up in the certificate store on my machine?
Scenario
The scenario is I have a .NET Core Web API which talks to Key Vault. This Key Vault contains my PFX certificate, which, when I uploaded it, prompted for my password. So everything seems fine at this point.
Implementation
Secure the API using the PFX certificate I pull down from Key Vault using the following code:
    var client = new KeyVaultClient(new KeyVaultCredential(GetToken));
    var cert = client.GetCertificateAsync("https://somekeyvaultsomewhere.vault.azure.net/", "my_tls_cert").Result;
    var certificate = new X509Certificate2(cert.Cer);

    var host = new WebHostBuilder()
        .UseKestrel(options =>
        {
            const int PortNumber = 5001;
            options.Listen(
                new IPEndPoint(IPAddress.Any, PortNumber),
                listenOptions =>
                {
                    listenOptions.KestrelServerOptions.AddServerHeader = false;
                    listenOptions.UseHttps(certificate);
                });
        })
        .CaptureStartupErrors(true)
        .UseStartup<Startup>()
        .Build();

    host.Run();
Expected Behaviour
When I browse to https://localhost:5001/ I am expecting the browser to prompt me to accept the certificate and continue (Chrome).
Actual Behaviour
I get no response and no prompt to accept the certificate. In fact I get "content is not reachable".
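An added example, not part of the original post: `cert.Cer` from `GetCertificateAsync` carries only the public X.509 certificate, so a certificate built from it has no private key for Kestrel to use in the TLS handshake. The sketch below loads the full PFX from the Key Vault secret that shares the certificate's name and checks `HasPrivateKey` before returning. The class and method names are hypothetical; the vault URL, certificate name and `GetToken` callback are the ones from the post.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;

public static class KeyVaultTlsCertificate // hypothetical helper, not from the post
{
    // vaultUrl and certName are the values used in the post, e.g.
    // "https://somekeyvaultsomewhere.vault.azure.net/" and "my_tls_cert";
    // getToken is the post's GetToken callback.
    public static async Task<X509Certificate2> LoadAsync(
        string vaultUrl,
        string certName,
        KeyVaultClient.AuthenticationCallback getToken)
    {
        var client = new KeyVaultClient(new KeyVaultCredential(getToken));

        // A Key Vault certificate is also exposed as a secret with the same name.
        // For a PFX, the secret value is the base64-encoded PKCS#12 blob, which
        // includes the private key when the key is exportable.
        // The calling identity needs Get permission on secrets, not only on
        // certificates.
        var secret = await client.GetSecretAsync(vaultUrl, certName);

        if (secret.ContentType != "application/x-pkcs12")
        {
            throw new InvalidOperationException(
                $"Secret '{certName}' is '{secret.ContentType}', expected a PFX.");
        }

        // Never log secret.Value: it contains the private key.
        var pfxBytes = Convert.FromBase64String(secret.Value);
        var certificate = new X509Certificate2(pfxBytes);

        // Fail at startup with a clear error instead of failing the handshake
        // later; this is the check that the Cer-based certificate would not pass.
        if (!certificate.HasPrivateKey)
        {
            throw new InvalidOperationException(
                $"Certificate '{certName}' was loaded without a private key.");
        }

        return certificate;
    }
}
```

The returned certificate is passed to `listenOptions.UseHttps(certificate)` exactly as in the post's Kestrel setup.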