How to check if the uploaded certificate is added to Windows-My keystore on App Service-Windows?
Published Oct 31 2022 01:43 AM 1,125 Views
Microsoft

In Java, the default keystore of windows App Service is windows-MY. This article illustrates you on how to know if the uploaded certificate is part of windows-MY keystore or not.

 

  • After uploading the certificate (public/private) in AppService under TLS/SSL settings.
  • Login to kudu -> navigate to /home/site/wwwroot folder
  • Create a CertTest.java file on KUDU container in /home and copy the below code as per the instructions

If you already know the subject CN, you can replace the highlighted text part below.

 

Java code:

 

 

 

 

import java.security.KeyStore;
import java.security.cert.Certificate;
import java.time.LocalDateTime;
import java.util.Enumeration;

public class CertTest {
public static void main(String[] args) {
// TODO Auto-generated method stub
try{
KeyStore ks = KeyStore.getInstance("Windows-MY");
ks.load(null, null);
Certificate cert = ks.getCertificate("******"); // Provide the Subject CN of the certificate
System.out.println(cert);
}
catch (Exception ex){
    ex.printStackTrace();
}
}
}

 

 

 

 

 

Sample log:

LogTime: 2021-11-29T13:50:07.720174200 Key alias = ********-CA : Is a key entry = false

LogTime: 2021-11-29T13:50:07.720174200 Showing certificate chain for *******-CA

[

[

Version: V3

Subject: CN=**********-CA, DC=corp, DC=frk, DC=com

Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

 

If you don’t know the Subject CN but you have uploaded the certificate to app service, then you create a CertTest.java file and copy the below code. Which will bring all the certificates from which you can do a filter.

 

Java code:

 

 

 

 

import java.security.KeyStore;
import java.security.cert.Certificate;
import java.time.LocalDateTime;
import java.util.Enumeration;

public class CertTest {
public static void main(String[] args) {
// TODO Auto-generated method stub

try{
KeyStore keyStore = KeyStore.getInstance("Windows-MY");
    // Load keystore
    keyStore.load(null, null); 
Enumeration<String> aliases = keyStore.aliases();
String keyAlias = "";
    //Listing available aliases
    System.out.println("LogTime: " + LocalDateTime.now() + " Listing aliases " + aliases);
    while (aliases.hasMoreElements())
    {
        keyAlias = (String) aliases.nextElement();
        System.out.println("LogTime: " + LocalDateTime.now() + " Key alias = " + keyAlias + " : Is a key entry = " + keyStore.isKeyEntry(keyAlias));
//Output with the cert chain
Certificate[] chain = keyStore.getCertificateChain(keyAlias);

for(Certificate certChain : chain){
System.out.println("LogTime: " + LocalDateTime.now() + " Showing certificate chain for " + keyAlias);
        System.out.println(certChain);

//Load just the certificate without the whole chain.
Certificate cert = keyStore.getCertificate(keyAlias);
System.out.println("LogTime: " + LocalDateTime.now() + " Showing just the certificate for " + keyAlias);
System.out.println(cert);
    }
    }
} catch (Exception ex){
    ex.printStackTrace();
}
}
}

 

 

Please refer to the link - https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate-in-code#load-certifica...

 

Thanks for reading!!!

Co-Authors
Version history
Last update:
‎Oct 31 2022 01:40 AM
Updated by: