I have inherited an App Service in Azure, and need to add a trusted root certificate to the App Service’s root certificate store. We have “Client Certificate Mode” set to Required, and the root CA for the client certificate needs to be trusted for the user to access the hosted Web App.
I found several articles online which refer to the approach of adding the .cer certificate to an App Service Environment (ASE) and then creating an application setting (WEBSITE_LOAD_ROOT_CERTIFICATES) on the App Service which should result in the certificate being present in the Cert:\LocalMachine\Root certificate store. Ref: https://docs.microsoft.com/en-us/azure/app-service/environment/certificates
The App Service I inherited does not reside in an ASE, so I performed both of these actions on the App Service itself, and the certificate is not present in either Cert:\LocalMachine\Root or Cert:\CurrentUser\Root. It is, however, present in the Cert:\CurrentUser\My certificate store.
When users attempt to access the App Service, the event log records a root certificate error, and we believe that the root CA related to the client’s certificate needs to be added to the Root certificate store on the App Service. We have tried the method above, and we have also attempted to install the certificate using the Kudu PowerShell, but we receive access denied messages.
Does anyone have documentation on how to add trust to the root certificate store on an App Service without an App Service Environment?
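The store check described in the question can be repeated for every thumbprint in the app setting with the read-only diagnostic below, an added example that is not part of the original post. It assumes the setting is visible as an environment variable in the Kudu PowerShell console and holds comma-separated thumbprints; Find-CertInStores is a hypothetical helper name.

```powershell
# Added diagnostic, not from the original post. Read-only: it installs nothing.
# Assumption: WEBSITE_LOAD_ROOT_CERTIFICATES holds comma-separated thumbprints.
function Find-CertInStores {
    param(
        [Parameter(Mandatory)] [string[]] $Thumbprint,
        # The three stores named in the question.
        [string[]] $Store = @(
            'Cert:\LocalMachine\Root',
            'Cert:\CurrentUser\Root',
            'Cert:\CurrentUser\My'
        )
    )
    foreach ($tp in $Thumbprint) {
        # Strip spaces and invisible characters that copy/paste can add to a thumbprint.
        $clean = ($tp -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
        foreach ($s in $Store) {
            $cert = Get-ChildItem -Path $s -ErrorAction SilentlyContinue |
                Where-Object { $_.Thumbprint -eq $clean } |
                Select-Object -First 1
            [pscustomobject]@{
                Thumbprint = $clean
                Store      = $s
                Found      = [bool]$cert
                Subject    = if ($cert) { $cert.Subject } else { $null }
                # Heuristic: a root CA certificate has identical Subject and Issuer.
                SelfSigned = if ($cert) { $cert.Subject -eq $cert.Issuer } else { $null }
                NotAfter   = if ($cert) { $cert.NotAfter } else { $null }
            }
        }
    }
}

$setting = $env:WEBSITE_LOAD_ROOT_CERTIFICATES
if ([string]::IsNullOrWhiteSpace($setting)) {
    Write-Warning 'WEBSITE_LOAD_ROOT_CERTIFICATES is not visible in this process.'
} else {
    Find-CertInStores -Thumbprint ($setting -split ',') | Format-Table -AutoSize
}
```

A row with Found = True only under Cert:\CurrentUser\My matches the situation described above; SelfSigned = False on that row would indicate the uploaded .cer is an intermediate or leaf certificate rather than the root CA.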