Knowledge Base
Installing a Client Authentication Certificate and Trust Anchor in Azure
EMR Direct developers who are hosting their system on Azure and using certificate-based (usually as part of EHR-Level) authentication should follow the instructions below to install the client authentication certificate and trust anchor certificate.
Load the client authentication certificate and key from a .p12 file as shown in the example code. Note that the second approach shown in the sample code using the Windows certificate store methods does not work with Azure, so developers must load the .p12 PFX file instead. See ExampleApplication.cs from the EMR Direct phiMail .NET SDK for additional details.
For the trusted root certificate (server validation certificate), developers using Azure must use one of the the .crt loading approaches below:
//Optional code to globally set the acceptable server trust anchor using a filename to the
// certificate file. If you do not set a trust anchor, trust decisions will be based on the
// operating system certificate store for trusted CAs. The anchor certificate is stored as a
// static class variable, and will be used in all subsequently opened connections.
PhiMailConnector.SetServerCertificate("C:\\Path\\To\\trusted-server-cert.crt");
// You can also pass an X509Certificate object instead of a filename string using:
X509Certificate anchorcert = new X509Certificate("C:\\Path\\To\\trusted-server-cert.crt");
PhiMailConnector.SetServerCertificate(anchorcert);
The examples above can also be found in ExampleApplication.cs from the phiMail .NET SDK. There is an alternative approach to add additional trust anchors into an Azure instance that one can find in the Azure documentation for a specific instance type, if that is preferred. Note that the information in the Azure documentation pertaining to adding trust anchors does not work for client authentication certificates; in that case developers should refer to the instructions above for .p12 files instead.
Did this article answer your question? If not, please contact us.