Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[FEATURE REQ] ClientCertificateCredential should support certificate store

See original GitHub issue

Library name

Azure.Identity

Please describe the feature.

This is a feature request on behalf of @abatishchev.

In track 1 the AppAuthentication library supported loading authentication certificates from the certificate store directly by specifying either the thumbprint or subject name and issuer via its connection string. It also supported refreshing the certificate from the store in the SNI case to enable seamless certificate rolling.

In track 2 we have the ClientCertificateCredential which only supports a pre-loaded certificate, or loading a certificate from disk, and doesn’t support rolling the certificate. While we have some track 2 samples which demonstrate how an application might achieve this behavior, there are no built-in credential types which users can use out of the box.

Given that using of the certificate store, and automatic rolling of certificates are security best practices, it would be good to enable these behaviors directly in Azure.Identity, or possibly a plugin library, so that users aren’t left to implementing them in their applications.

Issue Analytics

State:
Created 2 years ago
Reactions:5
Comments:6 (2 by maintainers)

Top GitHub Comments

3reactions

JaredShavercommented, Mar 17, 2022

This request has been opened several times in multiple repositories so I don’t remember who suggested it, but an idea presented by another user was to use the PowerShell CertificateProvider syntax for the certificate path (ex. set AZURE_CLIENT_CERTIFICATE_STORE \LocalMachine\My\52A149D0393CE8A8D4AF0B172ED667A9E3A1F44E ). https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/about/about_certificate_provider?view=powershell-7.2 https://github.com/PowerShell/PowerShell/blob/b46ac16e09dce433dbc1ecb19ab949754eef4978/src/Microsoft.PowerShell.Security/security/CertificateProvider.cs#L1223

1reaction

iinuwacommented, Mar 31, 2022

+1 for using the Cert:\ syntax for specifying certificates in the store. That could specified as an environment variable pretty easily.

Top Results From Across the Web

ClientCertificateCredential class

Creates an instance of the ClientCertificateCredential with the details needed to authenticate against Azure Active Directory with a certificate.

Service and Client Certificates

Service Certificates must always be RADIUS certificates. The Client Certificates feature allows you to import a client certificate and use that certificate to ......

Generate and configure an SSL certificate for backend ...

From Client Certificate, choose Test to invoke the method request. API Gateway presents the chosen SSL certificate for the HTTP backend to authenticate...

Working with certificates

You can confirm that a certificate was sent using the Postman Console. Open the Postman Console by selecting Console in the Postman footer,...

Create and Manage SSL Certificates

Secure your B Series Appliance using SSL certificates. Create self-signed certificates, create certificate requests, or upload signed certificates.