Using pfx passphrase in Node application - mac verify failure error

Josh Ferriday 1 Reputation point
2022-04-06T14:36:51.437+00:00

Hi,
I'm trying to implement https in an express server using the node-spdy library. Part of the configuration of this involves supplying a security certificate and key, or a pfx file and passphrase.
I've created a self-signed certificate and key for development purposes, and created a pfx using OpenSSL. During creation, I choose a password for my pfx file.

Configuration in node to use the file is as follows (example from this GitHub issue):

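var fs = require('fs');

// TLS options for spdy: the PKCS#12 (pfx) bundle and the passphrase protecting it
var options = {
  pfx: fs.readFileSync(__dirname + '/keys/spdy.pfx'),
  passphrase: 'spdypass'
};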

To use my pfx in code, I have uploaded it to the TLS/SSL settings in the Azure App Service page for my application in Azure Portal. Here I'm prompted for the pfx file password, and enter it correctly to validate it. I've also done this using the Key Vault service (to try and see if that works). The password is definitely correct, because it validates my pfx, and I'm also able to read the pfx using OpenSSL by providing the password. I then access the pfx file using the thumbprint as described in 'Use a TLS/SSL certificate in code' documentation. If I log the locations of the certificates (e.g. var/ssl/private), I see that the file is there, stored as a p12 file (I understand this to be the same as a pfx).

Unfortunately, when I try to start the app service, I get the following error:

[Image: 190569-image.png]

I have exactly the same password in my 'options' object as used to verify the pfx on Azure and to open it using SSL. Furthermore, when running this locally it works fine, accepts the password and runs the https-enabled server from localhost.

Is there some way that passphrases should be formatted for use with Azure? Any help would be appreciated.

Azure App Service

1 answer

  1. Ryan Hill 27,111 Reputation points Microsoft Employee
    2022-04-13T03:55:31.83+00:00

    Hi @Josh Ferriday, try loading the pfx in your code without the passphrase. Instead, use an empty ("") string and comment down below if that worked or not.
