Configure SSL on Windows Azure

1
votes

i am having issue in configuring SSL on cloud app. i do the following steps in sequence

  1. generate create certificate request from VM hosted on azure enviroment
  2. a text file with CSR hash is created.
  3. i send the hash to certificate issuing authority and i upload the new release in the mean while on cloud
  4. certificate issing authority send me 4 files with crt extension.

  5. i import the .crt file in certificate manager console (certmgr.msc)

  6. export the file in cer format.

  7. update web role properties in VS 2012. add certificate and update endpoints.
  8. upload cer file on cloud
  9. publish the package and update the package on cloud.
  10. update is not completed becasue of certificate with thumbprint associated with HTTPS input endpoint https does not contain private key

can any one help me out how i configure SSL on cloud app.

regards, Zeeshan

3
azuressl
welcome to SO. please post details about your issue and what have you tried to solve itNogard
If I'm not mistaken, you would need to export the certificate in pfx format in step 6.Gaurav Mantri

3 Answers

1
votes

As Gaurav mentioned, in step 6, you want to export the certificate and include private key. This will generate a .PFX file and ask you to provide a password.

Furthermore, when you have the .PFX file - you will want to take care as to where you upload it to. Make sure that you upload it to Certificates area under the Web Role - the portal should ask you for a password to the .PFX file.

Management Certificates area that expects .CER files is not the right place to upload SSL certificates to. I am guessing it is likely where uploaded the .CER file from step 6

1
votes

I followed the following step process when I was setting up SSL in Azure using GoDaddy as CA:

  1. Create a Certificate Signing Request (CSR) on the web server (local IIS, not Azure)
  2. Send CSR to CA (Certificate Authority – GoDaddy) and specify alternative domain names (if you've paid for that possibility)
  3. Download certificate from CA
  4. Import certificate to web server (local IIS, not Azure)
  5. Import the intermediate certificates from CA into local computer (where you have IIS)
  6. Export the certificate as PFX file from IIS and give it a password
  7. Import PFX file into Azure together with password
  8. Bind configured domain names to the certificate in Azure

There are a few different ways to create the CSR file. I used IIS Manager on my local developer computer.

You can read an extended version of the list here where all the steps are more thoroughly explained.

0
votes

Have you checked the requirements for uploading and using certificate on windows azure? The requirements is:

  • You need to include a certificate that must have a minumium of 2048 bit in keysize.
  • The certificate must be exported with Personal Information Exchange.
  • When creating the cerificate your subject name must match the domain name of you cloud service.
  • You have to include a private key.