This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 18%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
I have deployed a .net core application onto Azure App service on Linux. It is working fine locally but on azure we get the inner exception:
The owner of '/home/.dotnet/corefx/cryptography/x509stores/my' is not the current user.
How do we proceed?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 59%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Thanks for reaching here! Could you confirm, how are you generating certificates? if you are reusing the certificate sample?
You can generate it locally and upload it via the portal. Set the WEBSITE_LOAD_CERTIFICATES environment variable and use Add*Certificate(string thumbprint)` to load it from the X.509 store.
See: https://github.com/openiddict/openiddict-core/issues/976
let us know.
Thank you Sneha for the link. I have followed the suggestions and managed to upload the certs as well via the app service Private Certs blade.
I am now stuck where the app cannot find the cert. I am accessing my store by "new X509Store(StoreName.My, StoreLocation.CurrentUser);". I understand that certs are uploaded to /var/ssl/certs/ folder but the ssl folder does not exist. I tried to stop and start the app but same. I printed out in debug to see if there are any certs in the store, the return was 0.
Cannot find certificate with thumbprint [XXXXXXXXXXXXXXXXXXX] from the store with total 0 certs with user CurrentUser and path My and handle 0
The right place to store your certificates is in Azure Key Vault, https://learn.microsoft.com/en-us/azure/key-vault/general/overview
Then your .NET Core application can query the certificate from there, https://learn.microsoft.com/en-us/azure/key-vault/general/tutorial-net-create-vault-azure-web-app
So I had to modify my code after i understood that the certs in Linux are handled differently compared to windows containers. In Linux had to load the cert file directly rather than looking for it in a store.
private X509Certificate2 GetX509CertificateLinux(string thumbprint)
{
if (string.IsNullOrEmpty(thumbprint))
return null;
string finalPath = $"/var/ssl/private/{thumbprint}.p12";
var bytes2 = File.ReadAllBytes(finalPath);
var cert = new X509Certificate2(bytes2);
return cert;
}