This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs.
For Java apps on Windows App Service, the default keystore is Windows-MY. This article shows how to check whether an uploaded certificate is part of the Windows-MY keystore.
- Upload the certificate (public/private) to the App Service under TLS/SSL settings.
- Log in to Kudu and navigate to the /home/site/wwwroot folder.
- Create a CertTest.java file on the Kudu container in /home and copy in the code below, following the instructions.
If you already know the subject CN, replace the highlighted text (the `******` placeholder) in the code below with it.
Java code:
```java
import java.security.KeyStore;
import java.security.cert.Certificate;

public class CertTest {
    public static void main(String[] args) {
        try {
            // Windows-MY is the current user's personal certificate store
            KeyStore ks = KeyStore.getInstance("Windows-MY");
            // The Windows store needs no input stream or password
            ks.load(null, null);
            Certificate cert = ks.getCertificate("******"); // Provide the Subject CN of the certificate
            // getCertificate returns null when no entry has that alias
            if (cert == null) {
                System.out.println("Certificate not found in the Windows-MY keystore");
            } else {
                System.out.println(cert);
            }
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
}
```
Sample log:
```
LogTime: 2021-11-29T13:50:07.720174200 Key alias = ********-CA : Is a key entry = false
LogTime: 2021-11-29T13:50:07.720174200 Showing certificate chain for *******-CA
[
[
Version: V3
Subject: CN=**********-CA, DC=corp, DC=frk, DC=com
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
```
If you don't know the Subject CN but have uploaded the certificate to App Service, create a CertTest.java file and copy in the code below. It lists all the certificates in the keystore, which you can then filter.
Java code:
```java
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.time.LocalDateTime;
import java.util.Enumeration;

public class CertTest {
    public static void main(String[] args) {
        try {
            KeyStore keyStore = KeyStore.getInstance("Windows-MY");
            // Load keystore
            keyStore.load(null, null);
            Enumeration<String> aliases = keyStore.aliases();
            // Listing available aliases
            System.out.println("LogTime: " + LocalDateTime.now() + " Listing aliases");
            while (aliases.hasMoreElements()) {
                String keyAlias = aliases.nextElement();
                System.out.println("LogTime: " + LocalDateTime.now() + " Key alias = " + keyAlias + " : Is a key entry = " + keyStore.isKeyEntry(keyAlias));
                // Output with the cert chain (getCertificateChain returns null if the entry has none)
                Certificate[] chain = keyStore.getCertificateChain(keyAlias);
                if (chain != null) {
                    for (Certificate certChain : chain) {
                        System.out.println("LogTime: " + LocalDateTime.now() + " Showing certificate chain for " + keyAlias);
                        System.out.println(certChain);
                    }
                }
                // Load just the certificate without the whole chain.
                Certificate cert = keyStore.getCertificate(keyAlias);
                System.out.println("LogTime: " + LocalDateTime.now() + " Showing just the certificate for " + keyAlias);
                System.out.println(cert);
            }
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
}
```
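One way to do the filtering mentioned above, as an added example that is not code from the original post: it matches entries by a case-insensitive substring of the subject or by SHA-1 thumbprint, and reports whether a private key is attached and whether the certificate has expired. The class name `CertFilter` and its command-line argument are assumptions made for illustration, and it runs only on a Windows JDK, where the Windows-MY keystore type exists.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Locale;

public class CertFilter {  // hypothetical class name, not from the original post
    // SHA-1 over the DER encoding, as uppercase hex (the Windows thumbprint format).
    static String thumbprint(Certificate cert) throws Exception {
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-1").digest(cert.getEncoded())) {
            hex.append(String.format("%02X", b));
        }
        return hex.toString();
    }

    // Prints entries whose subject contains the filter or whose thumbprint equals it.
    // An empty filter matches every subject, so it lists the whole store.
    static int report(KeyStore ks, String filter) throws Exception {
        String subjectFilter = filter.toUpperCase(Locale.ROOT);
        String thumbFilter = subjectFilter.replace(" ", "");
        int matches = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) continue;
            X509Certificate x509 = (X509Certificate) cert;
            String subject = x509.getSubjectX500Principal().getName(); // RFC 2253 form
            String thumb = thumbprint(x509);
            boolean hit = subject.toUpperCase(Locale.ROOT).contains(subjectFilter) || thumb.equals(thumbFilter);
            if (!hit) continue;
            matches++;
            boolean expired = x509.getNotAfter().before(new Date());
            System.out.println("Alias: " + alias + " | Subject: " + subject);
            System.out.println("  Thumbprint:  " + thumb);
            System.out.println("  Private key: " + ks.isKeyEntry(alias)); // false = certificate-only entry
            System.out.println("  Not after:   " + x509.getNotAfter() + (expired ? " (EXPIRED)" : ""));
        }
        return matches;
    }
    public static void main(String[] args) throws Exception {
        String filter = args.length > 0 ? args[0] : "";
        KeyStore ks = KeyStore.getInstance("Windows-MY"); // throws KeyStoreException off Windows
        ks.load(null, null);
        if (report(ks, filter) == 0) {
            System.out.println("No certificate in Windows-MY matches: " + filter);
        }
    }
}
```

An entry reported with `Private key: false` is a certificate-only entry, so it cannot be used for anything that needs the private key, such as client authentication.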
Please refer to the link - https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate-in-code#load-certificate-in-windows-apps
Thanks for reading!!!