0

We are using an Azure logic app to integrate a third-party API service with a D365FO instance. The third party supplied us with a public CA certificate file (crt) and a self-signed certificate plus key file set (crt and key) to secure the connection.

Now there are instructions on MS docs on how to apply the client certificate to an HTTP request to the API service. However, just using the client certificate will give us a TrustFailure error when running the logic app. This result also seems to be described in Microsoft docs:

https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app?tabs=azure-portal#access-for-outbound-calls-to-other-services-and-systems

At the same time, we have also been provided a public (CA) certificate that might alleviate the issue, but we are unsure how to apply a CA certificate to an Azure logic app. Maybe the CA certificate is not necessary here at all, though. Could someone give us directions on how to handle this?

2 Answers

0

For those who are interested, it turned out the file supplied, which was labelled CA certificate, was a private certificate where the supplier itself was the "local certificate authority". With that CA certificate, a self-signed client certificate was generated. Azure Logic App's HTTP request action does not support those kinds of self-signed certificates to make a connection. Eventually, we made an Azure function that was using the client certificates to make a connection. The Azure function was incorporated in the logic app handling the HTTP requests.

0

In case someone else has the same issue, Logic Apps Standard supports calling HTTP endpoints signed with an internal certificate authority, as documented here:

In your logic app resource's app settings, add or update the app setting, WEBSITE_LOAD_ROOT_CERTIFICATES.

For the setting value, provide the thumbprint for your TLS/SSL certificate as the root certificate to be trusted.

"WEBSITE_LOAD_ROOT_CERTIFICATES": "<thumbprint-for-TLS/SSL-certificate>"

When multiple CA certificates are to be trusted, thumbprints can be added comma-separated without spaces.

The public key of the CA certificates must be uploaded to the Logic App as well. This is documented in the official documentation.

Upload public key to App Service

HTH
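How the value for the WEBSITE_LOAD_ROOT_CERTIFICATES setting described in the answer above can be derived from a supplier's CA file, as an added example that is not part of the original answer: a certificate thumbprint is the SHA-1 hash of the DER-encoded certificate, written as 40 hex characters. The sample bundle is constructed placeholder data (not real certificates), and all function names are illustrative.

```python
import base64
import hashlib
import json
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def to_pem(der: bytes) -> str:
    """Wrap DER bytes in PEM armor (used here only to build the sample)."""
    body = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

# Constructed sample: placeholder bytes standing in for two CA certificates.
# Replace with the text of the CA .crt file the supplier provided.
SAMPLE_BUNDLE = (to_pem(b"constructed root CA placeholder")
                 + to_pem(b"constructed intermediate CA placeholder"))

def normalize_thumbprint(raw: str) -> str:
    """Accept 'AA:BB:..' or 'aa bb ..' forms; return 40 uppercase hex chars."""
    tp = re.sub(r"[\s:]", "", raw).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", tp):
        raise ValueError(f"not a SHA-1 thumbprint: {raw!r}")
    return tp

def thumbprints(pem_text: str) -> list[str]:
    """SHA-1 thumbprint of every certificate in a PEM bundle, de-duplicated."""
    seen: list[str] = []
    for body in PEM_BLOCK.findall(pem_text):
        der = base64.b64decode("".join(body.split()), validate=True)
        tp = normalize_thumbprint(hashlib.sha1(der).hexdigest())
        if tp not in seen:
            seen.append(tp)
    if not seen:
        raise ValueError("no PEM certificate blocks found")
    return seen

def app_setting(pem_text: str) -> dict[str, str]:
    """Build the app setting: thumbprints comma-separated, no spaces."""
    return {"WEBSITE_LOAD_ROOT_CERTIFICATES": ",".join(thumbprints(pem_text))}

if __name__ == "__main__":
    print(json.dumps(app_setting(SAMPLE_BUNDLE), indent=2))
```

Compare the printed thumbprints with the ones shown for the uploaded public certificates before saving the setting, so that only the intended CAs are trusted.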