Managing an HDInsight cluster, or running an HDInsight job, from an Azure WebJob, requires you to set up a certificate to access the HDInsight cluster. This post shows how to upload the certificate to the Azure management portal, and how to configure our WebJob.
To generate the certificate file we need, you can follow the steps for the .pfx certificate file generation here.
Uploading the certificate file
The .pfx file should be uploaded in the “Configure” section in your Web App. To do so, follow these steps:
- Open the Azure management portal (https://manage.windowsazure.com/).
- Go to the Web Apps section on the left menu.
- Select your Web App from the list.
- Go to the Configure tab.
- Scroll to the “certificates” area.
If your Web App is in the Free or Shared tier, you will need to scale it.
To do so, follow these steps:
- Click “upload a certificate”.
- Browse for the .pfx certificate file and enter the password.
- Click OK and wait for the certificate to be available, it will appear in the list when it’s ready.
Adding the app settings
In the “Configure” tab, scroll to the “app settings” section:
Add the setting WEBSITE_LOAD_CERTIFICATES, with the thumbprint of your certificate as the value.
Save the changes:
You can put multiple certificate thumbprints separated by comma, or use * to load all certificates.
This will install the certificate/s in the Personal certificate store of the ApplicationPool Identity of the worker process.
Using the certificate from your code
Here is a helper function to find a certificate from the store:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|public X509Certificate2 FindCertificate(StoreLocation storeLocation, StoreName storeName, X509FindType findType, object searchCriteria)|
|X509Store certificateStore = new X509Store(storeName, storeLocation);|
|X509Certificate2Collection certificates = certificateStore.Certificates;|
|X509Certificate2Collection matchingCertificates = certificates.Find(findType, searchCriteria, false);|
|if (matchingCertificates != null && matchingCertificates.Count > 0)|
|throw new ArgumentException("Unable to find a matching certificate in the certificate store. Please modify the search criteria.");|
To get the certificate we configured in the previous steps, we’ll need to call the function with these parameters:
- storeLocation: StoreLocation.CurrentUser
- storeName: StoreName.My
- findType: X509FindType.FindByThumbprint
- searchCriteria: your certificate thumbprint
And that’s it!!!