Hi, I've deployed a Python application to an Azure App Service for Linux containers, to which an SSL certificate has been attached. I also need this certificate in my code to be able to make requests to a server. To get this to work, I've followed this documentation:
https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate-in-code#load-certificate-in-linuxwindows-containers
According to this documentation I should be able to load the (private) SSL certificate into the app from inside the Linux container from this location: f'/var/ssl/private/{thumbprint}.p12'. When I uploaded the SSL certificate to attach it to the app service, it was in .pfx format (which I created from the private key in .key format, a .crt file and a .ca-bundle file using OpenSSL). Apparently this gets converted from the .pfx file to a .p12 file inside the container. For consistency in my code, I also created a .p12 file to test my code with locally, using the same original resources that I used to create the .pfx file with. The local .p12 file is working perfectly, but so far I can't get the .p12 file from inside the deployed container to work.
My app is able to find this .p12 certificate from inside the container, but I got an error that the password was incorrect upon trying to load its content into the app. I was assuming that this would be the same password that I used to create the .pfx file, but it seems like that's not the case. Upon comparing the certificate's content with the content of the local .p12 certificate that I created myself, I also noticed that these are different from each other. Not sure if the latter is useful information, but I thought I'd mention it just in case. Could someone help me figure out how to find the password to the .p12 file that's inside the Linux container please?
Here's the code that I'm using to load the certificate into the app:
from cryptography.hazmat.primitives.serialization.pkcs12 import load_key_and_certificates
from cryptography.hazmat.primitives.serialization import Encoding, PrivateFormat, NoEncryption
from cryptography.hazmat.backends import default_backend

# private_key_thumbprint holds the thumbprint of the uploaded certificate (set elsewhere).
# Absolute path, matching the location given in the documentation.
client_cert = f'/var/ssl/private/{private_key_thumbprint}.p12'

# Read the raw PKCS#12 bundle from the container.
with open(client_cert, 'rb') as pkcs12_file:
    pkcs12_data = pkcs12_file.read()

certificate_password = 'password_here'
pkcs12_password_bytes = certificate_password.encode('utf8')
backend = default_backend()

# Returns a (private key, certificate, additional certificates) tuple.
py_ca_p12 = load_key_and_certificates(pkcs12_data, pkcs12_password_bytes, backend)
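
A way to check both observations in the question, added here as an example that is not part of the original post: it tries a short list of candidate passwords (none, empty, the one used at upload) and compares certificates by SHA-1 thumbprint instead of raw file bytes, because PKCS#12 encryption uses random salts and two bundles of the same key and certificate differ byte for byte. The helper names, the throwaway identity and the `upload-password` value are constructed for illustration, and it assumes the thumbprint in the file name is the certificate's SHA-1 fingerprint.

```python
import datetime
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import BestAvailableEncryption, pkcs12


def thumbprint(cert):
    """SHA-1 over the DER certificate, upper-case hex."""
    return cert.fingerprint(hashes.SHA1()).hex().upper()


def open_pkcs12(data, candidates):
    """Return (password, key, cert) for the first candidate that opens the bundle."""
    for password in candidates:
        try:
            key, cert, _extra = pkcs12.load_key_and_certificates(data, password)
        except ValueError:  # wrong password or not PKCS#12 data
            continue
        return password, key, cert
    raise ValueError("no candidate password opened the PKCS#12 bundle")


def make_sample_identity():
    """Constructed test input: throwaway EC key with a self-signed certificate."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "example.test")])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name).issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=1))
        .sign(key, hashes.SHA256())
    )
    return key, cert


def pack(key, cert, password):
    """Serialise to PKCS#12; salts and IVs are random, so bytes differ on every call."""
    return pkcs12.serialize_key_and_certificates(
        b"sample", key, cert, None, BestAvailableEncryption(password))


if __name__ == "__main__":
    key, cert = make_sample_identity()
    blob = pack(key, cert, b"upload-password")  # constructed password
    used, _key, loaded = open_pkcs12(blob, [None, b"", b"upload-password"])
    print(used, thumbprint(loaded) == thumbprint(cert))
```

Against the real file, pass the bytes read from `/var/ssl/private/{thumbprint}.p12` as `data` and compare `thumbprint(cert)` with the thumbprint in the file name.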