Download TLS Certificate in .pem file

Question

Download TLS Certificate in .pem file

Nathan Cattin 1

Hello everyone,

I have a TLS certificate on Azure App Service (not managed by me) and I have to add it on my edge device to validate it when connecting. My edge device is a custom board with a STM32 MCU, and as I know I have to write the certificate in my code. It seems that the certificate has to be in .pem format to add it in my code. Here is how I can see my certificate :

I have read this article but it does not explain how to convert my certificate to .pem file.

https://learn.microsoft.com/fr-fr/azure/app-service/configure-ssl-certificate-in-code

Do you have any other information or documentation about how to do that ? Thanks a lot in advance

3 answers

Your answer

Answer 1

@Nathan Cattin ,

You have stated that, the certificate is not managed by you. To better assist you on this, just to clarify, is this free App Service managed certificate (ASMC) or purchased App Service Certificate (ASC) or private certificate from a third-party provider uploaded by any other user (on your subscription co-admin or any of your peer managing the certificate).

If it’s ASMC - it does not support usage as a client certificate by using certificate thumbprint.
And, you will not be able to export your App Service Managed Certificates as they are managed by the platform.

Based on your requirement, you may leverage ASC or any 3rd party certificate.

Reference doc section:

Additional info | Just to highlight:

On App Service, to access a certificate in your app code, add its thumbprint to the WEBSITE_LOAD_CERTIFICATES app setting.

As for as converting certificate file format, if it’s 3rd party certificate, you can ask your CA to provide the certificate in the required format. There are also third-party tools that can help you convert the certificate to the proper format.

Answer 2

Nathan Cattin 1

Thank you for your answer,

I have had some discussions with the guy in charge of Azure server for my company (I am responsible of the edge/client part), and I do not know how but he sent me the certificate that I must use on my device. I have this certificate in 2 files : one is a .cer file and the other is a .pfx file.

What do I have to do now to have a .pem file ? Can I do it with one of the 2 files I have ?

ajkuma 28,036 Reputation points Microsoft Employee Moderator

2022-03-02T13:40:19.107+00:00

Nathan, thanks for the follow-up. It's not clear on what edge device(?) you're referring to here and the certificate that was shared by peer/technician. If you could share more info on that, we will be able to help point you in the right direction.
So, I'm just sharing generic info:
A cert can be imported into Key Vault – PFX or PEM, see this doc for more : Import a certificate
If it's related to device enrollment for IoT device: Create a device enrollment -both .pem or .cer file supported.
Nathan Cattin 1 Reputation point

2022-03-02T13:57:16.207+00:00

The edge device is a custom board with a STM32 MCU. It has been developped with a SDK coming from ST, with some modifications on the application layer, made by me and the guy working on this project before me. In the originial SDK, TLS certificate must be sent to the MCU via serial COM port, in PEM format. The guy working on this project before me has changed this part, and he wrote directly the certificate in the code (C language) as a string array. But it seems it is not the good certificate.

So now I have the certificate in PFX and CER format, but as I understand I have to convert one of these files to get a PEM file. I am sorry but I really do not know how the technician get the certificate, I just told him I need it and he sent me.
ajkuma 28,036 Reputation points Microsoft Employee Moderator

2022-03-03T19:29:25.05+00:00

Nathan, Thanks for the follow-up and sharing additional info. With App Service Certificate (ASC) , you protect traffic to and from your web application | for standard and wildcard certificates. Protect webApp that has a custom domain, with SSL certificates (protect www domain / naked domain /wildcard domain).

It looks like there is some confusion, it’s not clear why you’re wanting to leverage App Service Certificate (from your first screenshot- highlighting Azure WebApp TLS settings blade), and also, you’re referring to the certificate sent by your technician. From your description, it sounds like ASC and edge device configuration both are different setup and configuration, but you may mixing up here.

If feasible, as mentioned this doc: “You can ask your CA to provide the certificate in the required format. There are also third-party tools that can help you convert the certificate to the proper format.” Or if viable, you may request your technician to send the certificate in PEM file format. How can I convert my certificate to the proper format?

If you still need assistance on this, please let us know we would need some more details about your Webapp and subscription for a much closer look, so I’ll follow-up with you privately.

Apologies the issue still persists. Please let us know we're here to help. Thanks for your patience!

Answer 3

Nathan Cattin 1

Daer Ajkuma, thank you for your time on my issue.

Finally, my technician sent me the certificate under PFX format, and I simply had to use OpenSSL command line to convert it to PEM format. Now I will add it in my device (C language) and check if it work.

ajkuma 28,036 Reputation points Microsoft Employee Moderator

2022-03-07T13:45:17.683+00:00

NathanCattin-7609, Hope you'd a good weekend.

Thanks for the follow-up and sharing progress on this issue. Hope adding the certificate helps. Much appreciated!

--
To benefit the community find the right answers, please do mark the post which was helpful by clicking on ‘Accept Answer’ & ‘Up-Vote’.

Share via

Download TLS Certificate in .pem file

3 answers

Your answer