
Get Service Certificate

Updated: April 3, 2014

The Get Service Certificate operation returns the public data for the specified X.509 certificate associated with a cloud service.

The Get Service Certificate request is specified as follows. Replace <subscription-id> with the subscription ID, <service-name> with the DNS prefix name of the cloud service, <thumbprint-algorithm> with the algorithm used for the thumbprint, and <thumbprint-in-hexadecimal> with the certificate thumbprint in hexadecimal.

| Method | Request URI |
| --- | --- |
| GET | `https://management.core.windows.net/<subscription-id>/services/hostedservices/<service-name>/certificates/<thumbprint-algorithm>-<thumbprint-in-hexadecimal>` |

You must make sure that the request that is made to the management service is secure. For additional details, see Authenticating Service Management Requests.

The following table describes the request headers.

| Request Header | Description |
| --- | --- |
| x-ms-version | Required. Specifies the version of the operation to use for this request. This header should be set to 2009-10-01 or higher. For more information about versioning headers, see Service Management Versioning. |

The response includes an HTTP status code, a set of response headers, and a response body.

A successful operation returns status code 200 (OK). For information about status codes, see Service Management Status and Error Codes.

The response for this operation includes the following headers. The response may also include additional standard HTTP headers. All standard headers conform to the HTTP/1.1 protocol specification.

| Response Header | Description |
| --- | --- |
| x-ms-request-id | A value that uniquely identifies a request made against the management service. |

The format of the response body is as follows:


<?xml version="1.0" encoding="utf-8"?>
<Certificate xmlns="http://schemas.microsoft.com/windowsazure">
  <Data>Base64-encoded-X509-representation</Data>
</Certificate>

The following table describes the elements of the response body.

| Element name | Description |
| --- | --- |
| Data | Specifies the public portion of the X.509 service certificate as a base-64 encoded form of the .cer file. |

The Get Service Certificate operation returns the base-64 encoded binary X.509 certificate data in .cer file format for the specified certificate associated with a cloud service. This certificate can be used to support secure access to a web role or worker role.

The following example method calls the Get Service Certificate operation, prints the public service certificate data to the console, and also writes it to a .cer file. The parameters include the subscription ID, a management certificate associated with the subscription, the DNS prefix name for the cloud service, and the encoding algorithm and thumbprint for the requested certificate. Currently, only sha1 is supported as the encoding algorithm. The data is written to a file in the current user’s documents directory with a name combining the service name and thumbprint. The example does no error checking and will throw exceptions if the operation fails, the certificate is not found, or the file cannot be written.

using System;
using System.IO;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Xml;
using System.Xml.Linq;

/// <summary>
/// Calls the Get Certificate operation in the Service Management 
/// REST API for the certificate in the specified hosted service with 
/// the specified algorithm and thumbprint, and writes the Base-64
/// encoded public X.509 certificate data to the console and to the
/// user's documents directory.
/// </summary>
/// <param name="managementCert">The management certificate used to access the service.</param>
/// <param name="subscriptionId">The subscription identifier for the service.</param>
/// <param name="serviceName">The DNS prefix name of the hosted service containing the certificate to get.</param>
/// <param name="algorithm">The thumbprint algorithm for the certificate to get, for example, "sha1".</param>
/// <param name="thumbprint">The thumbprint for the certificate to get.</param>
public static void GetCertificateExample(
    X509Certificate2 managementCert,
    string subscriptionId,
    string serviceName,
    string algorithm,
    string thumbprint)
{
    HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(
        String.Format(
            "https://management.core.windows.net/{0}" +
            "/services/hostedservices/{1}/certificates/{2}-{3}", 
            subscriptionId, serviceName, algorithm, thumbprint));
    request.Method = "GET";
    request.Headers.Add("x-ms-version", "2011-10-01");
    request.ClientCertificates.Add(managementCert);
    request.ContentType = "application/xml";
 
    HttpWebResponse response = (HttpWebResponse)request.GetResponse();
    if (response.ContentLength > 0)
    {
        using (XmlReader reader = XmlReader.Create(response.GetResponseStream()))
        {
            XDocument responseBody = XDocument.Load(reader);
            XNamespace wa = "http://schemas.microsoft.com/windowsazure";
            string data =
                responseBody.Element(wa + "Certificate").Element(wa + "Data").Value;
 
            // Write out the data in Base-64 encoded .cer file format
            // to a file named <serviceName>_<thumbprint>.cer
            const int LineLength = 64;
            StringBuilder output = new StringBuilder();
            output.AppendLine("-----BEGIN CERTIFICATE-----");
            for (int offset = 0; offset < data.Length; offset += LineLength)
            {
                int remaining = data.Length - offset;
                output.AppendLine(data.Substring(
                    offset, remaining < LineLength ? remaining : LineLength));
            }
            output.AppendLine("-----END CERTIFICATE-----");
            string certificatePath = Path.Combine(
                Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments),
                serviceName + "_" + thumbprint + ".cer");
            using (StreamWriter writer = new StreamWriter(certificatePath, false))
            {
                writer.Write(output.ToString());
            }
 
            // Display the data on the console
            Console.WriteLine("Wrote certificate data to {0}{1}{2}", 
                certificatePath, Environment.NewLine, output.ToString());
        }
    }
    response.Close();
}
 

When run with the appropriate parameters, the console output of this method will resemble the following:

Wrote certificate data to C:\Users\username\Documents\MyHostedService1_2EA90CBB65EFCF71C92F55363954A16B87941ECD.cer
-----BEGIN CERTIFICATE-----
[Base64-encoded certificate data omitted]
-----END CERTIFICATE-----
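
A check the example above leaves out, shown as an added example (not part of the original page or of any Microsoft SDK): before writing or trusting the returned data, confirm that the certificate in Data hashes to the thumbprint named in the request URI, and parse the response with DTD processing disabled. ServiceCertificateCheck and ParseAndVerify are hypothetical names, the sample certificate is constructed at run time, and CertificateRequest assumes .NET Framework 4.7.2 or later (or .NET Core 2.0 or later).

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Xml;
using System.Xml.Linq;

public static class ServiceCertificateCheck
{
    static readonly XNamespace Wa = "http://schemas.microsoft.com/windowsazure";

    // Hypothetical helper: returns the certificate from a response body only if its
    // SHA-1 thumbprint equals the thumbprint that was placed in the request URI.
    public static X509Certificate2 ParseAndVerify(string responseXml, string requestedThumbprint)
    {
        // Refuse DTDs and external entity resolution when parsing the response.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        XDocument doc;
        using (XmlReader reader = XmlReader.Create(new StringReader(responseXml), settings))
            doc = XDocument.Load(reader);

        XElement data = doc.Root.Name == Wa + "Certificate" ? doc.Root.Element(Wa + "Data") : null;
        if (data == null)
            throw new FormatException("Response is not a Certificate element containing Data.");

        var cert = new X509Certificate2(Convert.FromBase64String(data.Value.Trim()));

        // X509Certificate2.Thumbprint is the SHA-1 hash of the DER bytes as uppercase hex.
        if (!string.Equals(cert.Thumbprint, requestedThumbprint.Trim(), StringComparison.OrdinalIgnoreCase))
            throw new CryptographicException("Returned certificate does not match the requested thumbprint.");
        return cert;
    }

    public static void Main()
    {
        // Constructed sample: a throwaway self-signed certificate stands in for the service certificate.
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-sample", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            X509Certificate2 sample = req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
            string body = "<?xml version=\"1.0\" encoding=\"utf-8\"?>" +
                "<Certificate xmlns=\"http://schemas.microsoft.com/windowsazure\"><Data>" +
                Convert.ToBase64String(sample.RawData) + "</Data></Certificate>";

            Console.WriteLine(ParseAndVerify(body, sample.Thumbprint).Subject);  // thumbprint matches
            try { ParseAndVerify(body, new string('0', 40)); }                   // thumbprint does not match
            catch (CryptographicException e) { Console.WriteLine(e.Message); }
        }
    }
}
```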

