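We are developing an Azure WebJob that needs to communicate with multiple servers, each of which requires a separate SSL connection.
We store the certificates on an external server and load the corresponding SSL connection settings at runtime. When we call the X509Certificate2 constructor to add the certificate to an X509CertificateCollection, the WebJob stops with exit code -1073740940 and its status changes to "PendingRestart". Our guess is that the X509Certificate2 class is not compatible with WebJobs, but we could not find any hint on how to solve this problem.
The line of code that causes the problem is: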

    new X509Certificate2(sslCertificateBytes, socketSettings_.CertificatePassword)

    private X509CertificateCollection GetClientCertificates(byte[] sslCertificateBytes)
    {
        log_?.OnEvent($"{nameof(SSLStreamFactory)} function {nameof(GetClientCertificates)} started");
        X509CertificateCollection result = new X509Certificate2Collection();
        log_?.OnEvent($"{nameof(X509CertificateCollection)} {nameof(result)} construction successfull");
        try
        {
            if (sslCertificateBytes != null)
            {
                log_?.OnEvent($"{nameof(sslCertificateBytes)} enumerable != null");
                result.Add(new X509Certificate2(sslCertificateBytes, socketSettings_.CertificatePassword));
                log_?.OnEvent($"result.Add successful");
            }
            else if (!string.IsNullOrEmpty(socketSettings_.CertificatePath))
            {
                log_?.OnEvent($"{nameof(socketSettings_.CertificatePath)} != null");
                result = new X509Certificate2Collection();
                log_?.OnEvent($"{nameof(X509CertificateCollection)} {nameof(result)} construction successfull");
                var clientCert = StreamFactory.LoadCertificate(socketSettings_.CertificatePath, socketSettings_.CertificatePassword, log_);
                log_?.OnEvent($"{nameof(StreamFactory.LoadCertificate)} function ended");
                if (clientCert != null)
                {
                    result.Add(clientCert);
                    log_?.OnEvent($"result.Add successful");
                }
            }
        }
        catch (Exception ex)
        {
            log_?.OnEvent($"{nameof(SSLStreamFactory)} function {nameof(GetClientCertificates)} raised exception: {ex.Message}");
            throw;
        }
        log_?.OnEvent($"{nameof(SSLStreamFactory)} function {nameof(GetClientCertificates)} ended");
        return result;
    }

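Is there a way to manage SSL certificates on Azure WebJobs? Thanks in advance.

Answer 0 (score: 2)
Azure WebJobs run in the same environment as their parent web app. You can follow this article to import the certificate into the web app:
In short: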
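app setting, with its value set to the certificate's thumbprint (making it accessible to your web app)
Important things to remember:
The certificate will be installed to the personal certificate store of the worker process's ApplicationPool identity.
So, to access the certificate from your web app or WebJob: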
WEBSITE_LOAD_CERTIFICATES
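
An added example, not part of the original answer: once the thumbprint is listed in WEBSITE_LOAD_CERTIFICATES, a WebJob can read the certificate from the store by thumbprint instead of constructing X509Certificate2 from raw bytes. It assumes the personal store mentioned above is CurrentUser\My (StoreLocation.CurrentUser, StoreName.My); CLIENT_CERT_THUMBPRINT is a hypothetical setting name.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class AppServiceCertificates
{
    // Keep only hex digits: thumbprints pasted from the Windows certificate
    // dialog often carry spaces and an invisible U+200E mark, and a lookup
    // with those characters left in silently returns no match.
    static string NormalizeThumbprint(string raw)
    {
        var hex = new StringBuilder();
        foreach (char c in raw ?? string.Empty)
            if (Uri.IsHexDigit(c)) hex.Append(char.ToUpperInvariant(c));
        return hex.ToString();
    }

    public static X509Certificate2Collection GetClientCertificates(string thumbprint)
    {
        string wanted = NormalizeThumbprint(thumbprint);
        if (wanted.Length != 40) // a SHA-1 thumbprint is 20 bytes = 40 hex digits
            throw new ArgumentException("Not a SHA-1 certificate thumbprint.", nameof(thumbprint));

        // Assumption: the "personal" store of the worker identity is CurrentUser\My.
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        try
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false, so certificates that do not chain to a trusted
            // root on the worker (e.g. self-signed client certs) are still returned.
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, wanted, false);
            if (found.Count == 0)
                throw new InvalidOperationException(
                    "Certificate not found in CurrentUser\\My; check that WEBSITE_LOAD_CERTIFICATES lists this thumbprint.");
            if (!found[0].HasPrivateKey)
                throw new InvalidOperationException("Certificate has no private key; it cannot be used for client authentication.");
            return found;
        }
        finally
        {
            store.Close();
        }
    }

    static void Main()
    {
        // CLIENT_CERT_THUMBPRINT is a hypothetical setting name; App Service exposes app settings as environment variables.
        var certs = GetClientCertificates(Environment.GetEnvironmentVariable("CLIENT_CERT_THUMBPRINT"));
        Console.WriteLine($"Loaded {certs[0].Subject}, expires {certs[0].NotAfter:u}");
    }
}
```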