The Issue
I have previously posted about settings up Snipe IT on Azure using a Docker container running in an Azure WebApp with a MySQL DB.
I recently had to revisit my setup as the site was failing to load with a DB connection failure. The issue was that the SSL certificate chain used by Microsoft for their hosted MySQL service had changed and my settings needed to be updated
The Solution
- In te Azure Portal find your MySQL instance and select the networking blade, click the ‘Download SSL Certificate’ link, you are taken to learn.microsoft.com . Download the DigiCert Global Root G2 certificate and the Microsoft RSA Root Certificate Authority 2017 certificate
- You need to combine these certificates i.e. put the base64 coded versions of each in a single text file.
-----BEGIN CERTIFICATE----- (Content from DigiCertGlobalRootCA.crt.pem) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Content from DigiCertGlobalRootG2.crt.pem) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Content from MicrosoftRSARootCertificateAuthority2017.crt.pem) -----END CERTIFICATE-----
- SO, I downloaded the
DigiCertGlobalRootCA.crt.pemfile I was using previously from my Snipe IT’s Azure File Storage and opened it in a text editor (the first block) - I then appended the contents of
DigiCertGlobalRootG2.crt.pemto this file (the second block) - Before I could do the same with the
Microsoft RSA Root Certificate Authority 2017.crtfile I had to import the .CRT file onto my local Windows machine, then export it is a Base64 encoded file. Once this was done, this too could be add to theDigiCertGlobalRootCA.crt.pemfile (the third block) - Once all the edits were made I save the edited file and uploaded it into the Azure Storage to overwrite the old version. This avoid the need to edit any other configuration settings that referenced the certificate file name.
Once this was done my Snipe IT instance loaded as expected.