
The Microsoft Azure documentation has an article on how to Add a TLS/SSL certificate in Azure App Service from the web portal. That page links to the documentation on how to do the same thing using the Azure CLI.

My goal is to do the same thing, but using native Python. I’ve been looking at the documentation for the azure.mgmt.web package, including the documentation for the WebSiteManagementClient class.

Question: is there a way to upload and bind a PKCS12 private key certificate to an Azure web app using native Python? I am willing to consider alternatives, like uploading a public key certificate or calling the Azure CLI tool using the subprocess module.

Here’s the code I have so far:

from azure.mgmt.web import WebSiteManagementClient 
from azure.identity import ClientSecretCredential

# Assume client_id, secret, tenant, subscription_id, resource_group and
# web_app_name are appropriately declared and instantiated

credentials = ClientSecretCredential(client_id=client_id, 
                                     client_secret=secret,
                                     tenant_id=tenant)

with WebSiteManagementClient(credentials, subscription_id) as mng:
    web_app = mng.web_apps.get(resource_group, web_app_name)
    app_config = mng.web_apps.get_configuration(resource_group, web_app_name)

    # TODO: upload Private Key (PKCS12) here

2 Answers


    • The Azure CLI does provide commands to upload a certificate to the app service.
      The command is:
    
    az webapp config ssl upload
    
    
    • Now we can use a subprocess to execute the commands. First, we will set the subscription, then we will execute the upload command:
    
    import subprocess
    
    # Replace the <...> placeholders with your own values before running.
    subprocess.call('az account set -s <subscription name>', shell=True)
    
    subprocess.call('az webapp config ssl upload --certificate-file <file path of certificate> --certificate-password <certificate-password> --name <name of app> --resource-group <name of resource group>', shell=True)
    
    

    Refer to the following documentation on Azure CLI commands.

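Added example (not part of the answer above, and not Azure's own code): a wrapper around the answer's `az webapp config ssl upload` command that passes an argument list instead of `shell=True`, reads the PFX password from an environment variable, and keeps the password out of error messages. The helper names and the `PFX_PASSWORD` variable are assumptions made for illustration.

```python
import os
import shutil
import subprocess

SECRET_FLAGS = ("--certificate-password",)

def build_upload_cmd(az, cert_file, password, app_name, resource_group):
    """argv list for `az webapp config ssl upload`; no shell ever parses it."""
    return [az, "webapp", "config", "ssl", "upload",
            "--certificate-file", cert_file,
            "--certificate-password", password,
            "--name", app_name,
            "--resource-group", resource_group]

def redact(cmd):
    """Copy of cmd with the value after each secret flag masked, safe to log."""
    out, mask_next = [], False
    for arg in cmd:
        if mask_next:
            out.append("***")
            mask_next = False
        else:
            out.append(arg)
            mask_next = arg in SECRET_FLAGS
    return out

def upload_pfx(cert_file, app_name, resource_group, az=None,
               password_env="PFX_PASSWORD"):
    """Upload a PFX; the password is read from the environment, not the source."""
    az = az or shutil.which("az")
    if az is None:
        raise FileNotFoundError("Azure CLI (az) not found on PATH")
    if not os.path.isfile(cert_file):
        raise FileNotFoundError(cert_file)
    # The password is still an argv entry, so it is visible in the local
    # process list while az runs; that is inherent to --certificate-password.
    cmd = build_upload_cmd(az, cert_file, os.environ[password_env],
                           app_name, resource_group)
    result = subprocess.run(cmd, capture_output=True, text=True)
    if result.returncode != 0:
        # check=True would raise CalledProcessError carrying the full argv,
        # password included, so report the redacted command instead.
        raise RuntimeError(f"{redact(cmd)} exited {result.returncode}: "
                           f"{result.stderr.strip()}")
    return result.stdout
```

Log `redact(cmd)` rather than `cmd` anywhere the command line is recorded.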
  1. I would suggest using Azure Key Vault to store your certificates if possible.

    It has a REST API that you should be able to interface with in Python.

    The linking to the domain would be done in the initial creation of the key on the Azure portal. But there should be another endpoint for that part as well.

    The POST in Python would look like this:

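    import requests
    
    # {myvault} and {certificate-name} are placeholders for your vault and certificate names.
    url = 'https://{myvault}.vault.azure.net/certificates/{certificate-name}/import?api-version=7.3'
    
    body = {
        "value": "MIIJ...",  # base64-encoded PFX contents
        "pwd": "123",
        "policy": {
            "key_props": {
                "exportable": True,
                "kty": "RSA",
                "key_size": 2048,
                "reuse_key": False
            },
            "secret_props": {
                "contentType": "application/x-pkcs12"
            }
        }
    }
    
    # Key Vault rejects unauthenticated calls; "<access token>" is a placeholder
    # for an Azure AD bearer token issued for the vault.
    headers = {"Authorization": "Bearer <access token>"}
    
    response = requests.post(url, json=body, headers=headers)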
    