X509CertificateCollection problems in an Azure web

Published 2019-09-13 15:38

Question:

We are developing an Azure webjob that needs to communicate to several servers, each one of them demanding a separate SSL connection.

We have our certificates stored in an external server and load them at runtime together with the corresponding SSL connection settings. When we invoke the X509Certificate2 constructor in order to add it to the X509CertificateCollection, the webjob gets stopped with exit code -1073740940 and its status becomes "PendingRestart". Our guess is that the X509Certificate2 class is not compatible with webjobs, but we cannot find any hint on how to tackle this issue.

The code line that generates the issue is:

new X509Certificate2(sslCertificateBytes, socketSettings_.CertificatePassword)

private X509CertificateCollection GetClientCertificates(byte[] sslCertificateBytes)
{
    log_?.OnEvent($"{nameof(SSLStreamFactory)} function {nameof(GetClientCertificates)} started");
    X509CertificateCollection result = new X509Certificate2Collection();
    log_?.OnEvent($"{nameof(X509CertificateCollection)} {nameof(result)} construction successful");
    try
    {
        if (sslCertificateBytes != null)
        {
            log_?.OnEvent($"{nameof(sslCertificateBytes)} enumerable != null");
            // This is the call after which the WebJob exits with -1073740940.
            result.Add(new X509Certificate2(sslCertificateBytes, socketSettings_.CertificatePassword));
            log_?.OnEvent("result.Add successful");
        }
        else if (!string.IsNullOrEmpty(socketSettings_.CertificatePath))
        {
            log_?.OnEvent($"{nameof(socketSettings_.CertificatePath)} != null");
            result = new X509Certificate2Collection();
            log_?.OnEvent($"{nameof(X509CertificateCollection)} {nameof(result)} construction successful");
            var clientCert = StreamFactory.LoadCertificate(socketSettings_.CertificatePath, socketSettings_.CertificatePassword, log_);
            log_?.OnEvent($"{nameof(StreamFactory.LoadCertificate)} function ended");
            if (clientCert != null)
            {
                result.Add(clientCert);
                log_?.OnEvent("result.Add successful");
            }
        }
    }
    catch (Exception ex)
    {
        log_?.OnEvent($"{nameof(SSLStreamFactory)} function {nameof(GetClientCertificates)} raised exception: {ex.Message}");
        throw;
    }
    log_?.OnEvent($"{nameof(SSLStreamFactory)} function {nameof(GetClientCertificates)} ended");
    return result;
}

Is there a way to manage SSL certificates on Azure WebJobs? Thanks in advance.

Answer 1:

Azure WebJobs run in the same environment as their parent web app. You can follow this article to import certificates into a web app:

  • Using Certificates in Azure Websites Applications

In a nutshell:

  • Upload the certificate to Azure.
  • Add an app setting called WEBSITE_LOAD_CERTIFICATES with its value set to the thumbprint of the certificate (make it accessible to your web application)

Important thing to remember:

The certificates will be installed to the Personal certificate store of the ApplicationPool Identity of the worker process.

So to access the certificate from your webapp or webjob:

using System.Security.Cryptography.X509Certificates;

var certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadOnly);
var certCollection = certStore.Certificates.Find(
    X509FindType.FindByThumbprint,
    // Replace below with your cert's thumbprint
    "E661583E8FABEF4C0BEF694CBC41C28FB81CD870",
    false);

// Get the first cert with the thumbprint
if (certCollection.Count > 0)
{
    X509Certificate2 cert = certCollection[0];
}

certStore.Close();
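As an added example (not the question's or the answer's own code), the store lookup above turned into a method the WebJob can call to build the client-certificate collection it was trying to construct from PFX bytes. It assumes WEBSITE_LOAD_CERTIFICATES holds one or more comma-separated thumbprints or "*" (the App Service setting's syntax, not something the answer spells out) and that the result is passed to SslStream as the client certificates.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
// Added example, not code from the question or the answer. Assumes the WebJob runs
// under an App Service app with WEBSITE_LOAD_CERTIFICATES set, so the certificates
// are already in the worker's CurrentUser\My store and no PFX bytes are handled here.
public static class WebJobClientCertificates
{
    // Returns the certificates named in WEBSITE_LOAD_CERTIFICATES (comma-separated
    // thumbprints, or "*" for all uploaded) as the client collection for SslStream.
    public static X509Certificate2Collection FromAppServiceStore()
    {
        var setting = Environment.GetEnvironmentVariable("WEBSITE_LOAD_CERTIFICATES");
        if (string.IsNullOrWhiteSpace(setting))
            throw new InvalidOperationException("WEBSITE_LOAD_CERTIFICATES is not set.");
        var result = new X509Certificate2Collection();
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            if (setting.Trim() == "*")
            {
                foreach (var cert in store.Certificates.Cast<X509Certificate2>())
                    result.Add(Checked(cert));
                return result;
            }
            foreach (var raw in setting.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
            {
                // Thumbprints pasted from the portal may carry spaces; the store matches the bare hex.
                var thumbprint = raw.Replace(" ", string.Empty).ToUpperInvariant();
                // validOnly: false so an expired certificate is reported by Checked() below
                // instead of silently dropping out of the result.
                var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
                if (found.Count == 0)
                    throw new InvalidOperationException($"Certificate {thumbprint} is not in CurrentUser\\My; verify the upload and the app setting.");
                result.Add(Checked(found[0]));
            }
        }
        return result;
    }
    // Mutual TLS needs the private key (a .pfx upload, not a .cer) and an unexpired
    // certificate; fail early with a clear message instead of a TLS handshake error.
    private static X509Certificate2 Checked(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException($"Certificate {cert.Thumbprint} has no private key; upload it as a PFX.");
        if (DateTime.UtcNow > cert.NotAfter.ToUniversalTime())
            throw new InvalidOperationException($"Certificate {cert.Thumbprint} expired on {cert.NotAfter:u}.");
        return cert;
    }
}
```

The returned collection can be handed straight to `SslStream.AuthenticateAsClient(host, clientCertificates, ...)`, so the WebJob never needs the PFX password at runtime.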