SSL policy errors: RemoteCertificateNameMismatch in Blob Storage

Andrii Chaika 25 Reputation points
2023-05-17T01:31:50.9766667+00:00

I have created a blob storage which is a part of the virtual network.

I created a private endpoint for the blob storage and disabled public access to the blob storage.

However, the wrong certificate is used when I try to use it in the app.

2023-05-17T01:26:50.350877727Z       Request [bfa024d6-ed5a-4013-aab1-cad997a25aff] HEAD https://XXXXX.privatelink.blob.core.windows.net/viator-cache/viator-products/188/18889/1-100.json
2023-05-17T01:26:50.350903928Z       x-ms-version:2022-11-02
2023-05-17T01:26:50.350910428Z       Accept:application/xml
2023-05-17T01:26:50.351266839Z       x-ms-client-request-id:bfa024d6-ed5a-4013-aab1-cad997a25aff
2023-05-17T01:26:50.351280639Z       x-ms-return-client-request-id:true
2023-05-17T01:26:50.351286939Z       User-Agent:azsdk-net-Storage.Blobs/12.16.0 (.NET 7.0.5; Linux 5.10.164.1-1.cm1 #1 SMP Tue Jan 24 21:45:24 UTC 2023)
2023-05-17T01:26:50.351292439Z       Authorization:REDACTED
2023-05-17T01:26:50.351304140Z       client assembly: Azure.Storage.Blobs
2023-05-17T01:26:50.380557092Z ServicePointManager.ServerCertificateValidationCallback
2023-05-17T01:26:50.382571651Z SSL policy errors: RemoteCertificateNameMismatch
2023-05-17T01:26:50.384146896Z Certificate name mismatch. Requested host: XXXXX.privatelink.blob.core.windows.net, Certificate subject: CN=*.blob.core.windows.net

How can I make sure that Azure returns the right certificate, *.privatelink.blob.core.windows.net?


Accepted answer
  1. Silvia Wibowo 3,091 Reputation points Microsoft Employee
    2023-05-17T02:47:24.07+00:00

    Hi @Andrii Chaika, although you use a private endpoint for your storage account, you need to use the DNS entry of its public endpoint, e.g. yourstorageaccountname.blob.core.windows.net

    When you create a private endpoint for your storage account, it also creates a local DNS entry alias pointing the public endpoint to the private endpoint. Please check with the command "nslookup yourstorageaccountname.blob.core.windows.net" to make sure it points to the private IP address.

    Reference: Tutorial: Connect to a storage account using an Azure Private Endpoint

    Connecting using the public endpoint will solve the SSL certificate mismatch issue.

    1 person found this answer helpful.
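
Added example, not part of the original thread or of any Microsoft code: it shows why the certificate subject in the log (`CN=*.blob.core.windows.net`) cannot match a `privatelink` host name, rewrites the URL to the public name as the answer recommends, and checks that resolved addresses are private. The account name `exampleacct`, the sample IP addresses and all function names are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit, urlunsplit

def wildcard_matches(pattern: str, host: str) -> bool:
    """TLS name matching: '*' stands for exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):          # a wildcard never spans two labels
        return False
    if p[0] == "*":
        return h[0] != "" and p[1:] == h[1:]
    return p == h

def to_public_endpoint(url: str) -> str:
    """Drop the 'privatelink' label so the host matches the service certificate."""
    parts = urlsplit(url)
    labels = parts.hostname.split(".")
    if len(labels) > 1 and labels[1] == "privatelink":
        del labels[1]
    netloc = ".".join(labels)
    if parts.port:
        netloc += f":{parts.port}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))

def resolves_privately(addresses) -> bool:
    """True only if at least one address was returned and none is public."""
    addrs = list(addresses)
    return bool(addrs) and all(ipaddress.ip_address(a).is_private for a in addrs)

def resolve(host: str):
    """Live lookup; the programmatic equivalent of the nslookup check above."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

if __name__ == "__main__":
    cert_name = "*.blob.core.windows.net"  # certificate subject from the log
    # Constructed URL; 'exampleacct' is a placeholder account name.
    bad = "https://exampleacct.privatelink.blob.core.windows.net/c/b.json"
    for url in (bad, to_public_endpoint(bad)):
        host = urlsplit(url).hostname
        verdict = "matches" if wildcard_matches(cert_name, host) else "MISMATCH"
        print(f"{host}: {verdict} {cert_name}")
```

From a machine inside the virtual network, `resolves_privately(resolve("<account>.blob.core.windows.net"))` should return `True`; a `False` result means the private DNS zone is not in effect for that client.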