Document Details
Configure Ssl Certificate In Code
❌
This page contains Windows bias
About This Page
This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
Bias Analysis
Bias Types:
⚠️
windows_first
⚠️
powershell_heavy
⚠️
windows_tools
⚠️
missing_linux_example
Summary:
The documentation demonstrates a Windows-first bias by providing detailed, language-specific examples (C#, Java) for accessing certificates in Windows environments and referencing Windows certificate stores and tools. Linux guidance is less prominent, with Linux-specific code examples appearing later and only for C#. Other languages (Node.js, PHP, Python, Java) are not covered for Linux, and users are directed to external documentation. Windows tools and patterns (certificate store, environment variables, user profile settings) are discussed in depth, while Linux equivalents are less thoroughly explained.
Recommendations:
- Provide Linux examples for all major supported languages (Node.js, Python, Java, PHP), not just C#.
- Present Linux and Windows guidance in parallel or with equal prominence, rather than leading with Windows.
- Include Linux-specific tools and patterns (e.g., OpenSSL, Linux file permissions, environment variable usage) where appropriate.
- Where Windows-specific settings or tools are discussed (e.g., certificate store, user profile), provide Linux equivalents or clearly state when they are not applicable.
- Avoid referencing only Windows certificate stores; explain Linux certificate handling (e.g., file-based, OpenSSL integration) in similar detail.
- Ensure that all code samples and instructions are available for both platforms, or explicitly state any platform limitations.
Create pull request
Scan History
| Date | Scan ID | Status | Bias Status |
|---|---|---|---|
| 2025-09-16 00:00 | #113 | completed | ❌ Biased |
| 2025-09-10 00:00 | #107 | completed | ✅ Clean |
| 2025-08-17 00:01 | #83 | in_progress | ❌ Biased |
| 2025-08-16 00:00 | #82 | in_progress | ❌ Biased |
| 2025-08-15 00:01 | #81 | in_progress | ❌ Biased |
| 2025-07-22 00:01 | #57 | completed | ✅ Clean |
| 2025-07-13 21:37 | #48 | completed | ✅ Clean |
| 2025-07-13 21:25 | #47 | cancelled | ✅ Clean |
| 2025-07-13 20:48 | #44 | cancelled | ✅ Clean |
| 2025-07-09 13:09 | #3 | cancelled | ✅ Clean |
| 2025-07-08 04:23 | #2 | cancelled | ❌ Biased |
Flagged Code Snippets
To make all your certificates accessible, set the value to `*`.
When `WEBSITE_LOAD_CERTIFICATES` is set to `*`, all previously added certificates are accessible to application code. If you add a certificate to your app later, restart the app to make the new certificate accessible to your app. For more information, see [Update or renew a certificate](#update-or-renew-a-certificate).
## Load certificates in Windows apps
The `WEBSITE_LOAD_CERTIFICATES` app setting makes the specified certificates accessible to your Windows hosted app in the Windows certificate store, in [Current User\My](/windows-hardware/drivers/install/local-machine-and-current-user-certificate-stores).
In C# code, you access the certificate by using the certificate thumbprint. The following code loads a certificate with the thumbprint `E661583E8FABEF4C0BEF694CBC41C28FB81CD870`.
In Java code, you access the certificate from the `Windows-MY` store by using the **Subject Common Name** field. For more information, see [Public key certificate](https://en.wikipedia.org/wiki/Public_key_certificate). The following code shows how to load a private key certificate:
For languages that don't support or offer insufficient support for the Windows certificate store, see [Load a certificate from a file](#load-a-certificate-from-a-file).
## Load a certificate from a file
If you need to load a certificate file that you upload manually, it's better to upload the certificate by using [File Transfer Protocol Secure (FTPS)](deploy-ftp.md) instead of [Git](deploy-local-git.md), for example. Keep sensitive data like a private certificate out of source control.
ASP.NET and ASP.NET Core on Windows must access the certificate store even if you load a certificate from a file. To load a certificate file in a Windows .NET app, load the current user profile with the following command in <a target="_blank" href="https://shell.azure.com" >Cloud Shell</a>:
### [Windows](#tab/windows)
The following C# example shows how to load a public certificate in a .NET Framework app in a Windows Server Core container.
To see how to load a TLS/SSL certificate from a file in Node.js, PHP, Python, or Java, see the documentation for the respective language or web platform.
## Load certificates in Linux/Windows containers
The `WEBSITE_LOAD_CERTIFICATES` app setting makes the specified certificates accessible to your Windows or Linux custom containers (including built-in Linux containers) as files. The files are found under the following directories:
| Container platform | Public certificates | Private certificates |
| - | - | - |
| Windows container | `C:\appservice\certificates\public` | `C:\appservice\certificates\private` |
| Linux container | `/var/ssl/certs` | `/var/ssl/private` |
The certificate file names are the certificate thumbprints.
> [!NOTE]
> App Service injects the certificate paths into Windows containers as the following environment variables: `WEBSITE_PRIVATE_CERTS_PATH`, `WEBSITE_INTERMEDIATE_CERTS_PATH`, `WEBSITE_PUBLIC_CERTS_PATH`, and `WEBSITE_ROOT_CERTS_PATH`. It's better to reference the certificate path with the environment variables instead of hardcoding the certificate path, in case the certificate paths change in the future.
>
In addition, [Windows Server Core and Windows Nano Server containers](configure-custom-container.md#supported-parent-images) load the certificates into the certificate store automatically, in `LocalMachine\My`. To load the certificates, follow the same pattern as shown in [Load certificates in Windows apps](#load-certificates-in-windows-apps). For Windows Nano-based containers, use the file paths as shown in [Load a certificate from a file](#load-a-certificate-from-a-file).
### [Linux](#tab/linux)
The following C# code shows how to load a public certificate in a Linux app.
The following C# example shows how to load a public certificate in a .NET Core app in a Windows Server Core or Windows Nano Server container.