Generate certificate on windows azure web or worker role using makecert.exe

1
votes

We are planning to create and install self-signed certificates on azure web roles. We have a requirement to create certificate on web role itself and installing there. But we cannot find makecert.exe on azure web and worker role. We did remote desktop on azure role and found that makecert.exe is missing. Any direction on creating and installing certificate on azure role would be helpful?

If there is any management APIs available for creating certificate on web role, please share with me as I am unable to locate in msdn.

2
wcfazurecertificatemakecert

2 Answers

1
votes

You have a few options to create self-signed certificates:

But there's more to it than simply generating a certificate. What will you do if you have more than one instance running? Will you install the certificate on 1 instance? Or do you need all your instances to have the certificate? What if you redeploy the application? ...

In those cases you might want to look ahead. Would it be an option to store all those certificates in blob storage? Maybe you could have a process running on each instance that 'synchronizes' the certificates with the current instance. You could also use AppFabric ServiceBus Topics to notify other instances when a new certificate has been generated...

0
votes

The direct answer to your questions is that Makecert.exe is an utility which is installed either from installing Visual Studio or Windows SDK or direct download from Microsoft sites. A Windows Azure VM sure not to have this makecert.exe because it is not part of base Windows deployment and if you want to use/run Makecert in Windows Azure VM you really need to add in your project and deploy it.

HOWEVER, If you have a need to deploy a certificate to Windows Azure you really don't need to generate it on fly (i.e. using Makecert.exe) because there is other easier way to do it. You just need to add (or deploy) your PFX certificate to your Windows Azure Service -> Certificate section and when you VM will be initialize, the certificate will be provisioned to your Windows Azure Role (Web or Worker or VM) so there is no need to add Makecert.exe with your project and then use Startup task to run it.

Instead of depend on Makecert.exe or any other method to have certificate in your role, i would suggest using above method which is actually designed for such requirement. If you don't know how to deploy a certificate to your Windows Azure Service either directly to portal or using PowerShell, please let me know..