Hi,
I'm not quite sure whether this is even supposed to work on Azure. We'll look into that.
Possible workaround: Add the .PFX file into certificate store and access it via CertificateStore
class (similar to .NET's X509Store
).
Another possible workaround: Instead of .PFX files, use .P7B/.KEY pair where the .P7B file contains the certificate chain and the .KEY file contains the encrypted private key. To convert .PFX file to .P7B/.KEY, use the following code:
public static void ConvertPfx(string pfxPath, string password)
{
// convert a .pfx or .p12 file to .p7b/.key file pair (retains the original password)
string name = Path.GetFileNameWithoutExtension(pfxPath);
var certChain = CertificateChain.LoadPfx(pfxPath, password);
certChain.Save(Path.ChangeExtension(name, ".p7b"));
certChain.LeafCertificate.SavePrivateKey(Path.ChangeExtension(name, ".key"), password, PrivateKeyFormat.OpenSsh, true);
}
And to load the .P7B/.KEY files, use this code:
public static CertificateChain LoadChain(string chainPath, string keyPath, string password)
{
var chain = CertificateChain.LoadP7b(chainPath);
var key = new PrivateKeyInfo();
key.Load(keyPath, password);
chain.LeafCertificate.Associate(key);
return chain;
}