Creating Certificate Bundles for Application Gateway
There are certain clients that still require a full certificate chain as they may return certificate errors. Certain web servers like IIS can build the chain while others may not serve the full certificate chain in the Server Certificate exchange. Here’s a step-by-step process going through how to detect if this is an issue and…
Querying Resources in Azure Graph
I had a customer reach out requesting how to query all certificates across all subs and figure out when they are expiring. Using Azure Resource Graph I came up with the query below that searches for all app services, find the bindings, and matches those apps up with the Microsoft.web/certificate object. Azure Graph is a…
Root Certificates on Windows
I’m far from a PKI expert so I won’t be going into much detail as a lot of information around certificates can be found through a web search. I spent a considerable amount of time debugging an issue related to certificates and the trusted root store on Windows and I didn’t find much documentation discussing…
Exporting an App Service Certificate from Azure Key Vault to use elsewhere
Download the certificate from the Key Vault hosting the App Service Certificate. Double click on the exported PFX downloaded from Keyvault onto your Windows Machine. Navigate through the prompts on the screen, leaving the Password blank and marking the key as exportable Whever the cert was installed ie Personal store -> Right click on the…
Using MSI to call another Web/Function App
I see this question come up every so often around how to call another function or web app with MSI that is configured to use the built in Authentication. The steps to setting up the authentication and authorization can be found in steps 1-3 of this previous blog. The UX has since changed so I…
App Service Network Troubleshooting
My basic process behind debugging any sort of networking issue is to reduce the complexity of the issue and walk up the basic network stack. Often times we overlook a basic problem such as DNS resolution issues or the incorrect reference in code that can cause hours, days, or weeks going down a rabbit hole.…
The plight of the unrecognized IMEI
My parents arrived back from overseas with the international version of the Samsung S20. What we expected to be a simple process of going to ATT and activating the phones turned onto a 2 week long ordeal. What I’ve learned since is each phone has an IMEI number which is a unique number used to…
Azure Functions Access to Restricted Storage Accounts
With requirements for additional security, many customers have started enforcing network restrictions on their Azure storage accounts. This in turn can cause major issues with Azure Functions without the proper configuration, as Azure functions rely heavily on Azure storage for functionality. Background Azure storage There are two core concepts for Azure Functions related to Azure…
Troubleshooting Azure Functions
Troubleshooting Azure Function issues related to the host runtime can sometimes be cumbersome. Having worked in support for a number of years I’ve learned a couple useful tricks. Before we start understanding the behavior of each trigger type is very important. Here’s a previous blog that I use on a daily basis as my cheat…
Update ASE Cluster Settings without Azure Resource Explorer
Often customers using App Service Environment want to apply additional security features such as disabling TLS 1.0/1.1 or remove certain ciphers. In Azure Public you can use https://resources.azure.com to perform these actions. If you are working in any non-Azure Commercial clouds the existence of Azure Resource Explorer is not available. Here’s another programmatic method to…
