Azure App Service Certificate .PFX cannot be exported to .PEM file succesfully ?

Question

People,

I need some help in troubleshooting the SSL certificate issue where after the.PFX conversion to.PEM file using the OpenSSL.

The certificate is from Azure App Service Managed Certificate (GoDaddy) for 1-year validity with auto-renewal.
https://azure.github.io/AppService/2021/05/25/App-Service-Managed-Certificate-GA.html

According to https://developer.americanexpress.com/documentation#certificate-requirements I just need to execute:

openssl pkcs12 -in certificatename.pfx -out certificatename.pem

Which I have done with no issue or error.

However, it is always throwing errors when uploaded to the Amex portal?

Error:

Please upload a valid leaf certificate in PEM format

Thank you in advance.

Answer 1

@EnterpriseArchitect Thank you for your interest in exporting your App Service Managed Certificate.

We apologize but at this time, exporting the App Service Managed Certs is not a supported feature. This cert is meant to be provided as a free solution for developers looking to secure their Azure Web App.

The free certificate comes with the following limitations:

• Does not support wildcard certificates.
• Does not support usage as a client certificate by using certificate thumbprint (removal of certificate thumbprint is planned).
• Does not support private DNS.
• Is not exportable.
• Is not supported on App Service Environment (ASE).
• Only supports alphanumeric characters, dashes (-), and periods (.).
  Source

We invite you to share any product feedback here as the product group watches Azure Feedback for ideas on how to improve the product.

Please let us know if you have any further questions or concerns.