Josh Nock

Code Craftsman

Windows Azure and SSL Certs

If you want to add SSL certificate to your Azure Service, and your service is running as a Web Role, I’ll go over what steps I took to get it set up for a client.  This process will go much much faster if you have IIS Installed on your local machine, or you have access to Server 2008 with IIS installed.  I suggest using Microsoft’s Web Platform Installer to install IIS if you don’t have access to a server.

Once IIS is installed, open up Internet Information Services (IIS) Manager. Click on your computer’s name which is listed under “Start Page” in the connections column of IIS Manager.  Once your computer is selected you should see  the similar menu below in the features view.  Double click the server certificates icon which should be under the IIS sub-section.

image

In the Actions panel on the right hand side, click on "Create Certificate Request"

image

When the "Request Certificate" wizard opens, fill out the information about your site and Organization.  For the organization unit, I usually put research or engineering.  I don't know the importance or significance but I'm sure a google search can tell you that.

image

For the Crypto Service provider, I selected MS RSA, with a bit length of 2048, this bit length should be the minimal length to use.  If you chose something higher you may want to confirm that it is compatible with the Azure SSL features. 

image

Select a location to drop the request into a file, and you'll want to add the file extension .txt onto the name you chose. 

image

 

Ok so here's the tricky part, you get to pick what SSL provider you're going to use.  Obviously budget will most likely dictate your choices, I was able to find a relatively cheap SSL just googling for SSL, and I have found reasonably priced wildcard SSL certs for around $80 per year, for two years.

Once you have completed the purchase process for the cert, they will email the certificat to you.  You will need to save the certificate to a file with the .cer file extension on you computer.

 

In the Actions panel, click on "Complete Certificate Request"  

image

Select the certificate from the location you saved it, give it a display name so you can identify it in the certificates list.  and I chose to leave it in the personal certificate store so that I can export it later and upload it to Azure.

image

After you have finished completing the certificate request.  You will see it show up in the certificates list.  Here you will need to click on the certificate you wish to export and in the actions panel on the right hand side, click the action “Export…”

image

Next you select a location and name to save the cert, c:\mynewsslcert.pfx is always easiest.  And you will want to pick a strong password when completing the export.

image

After that, you just need to go to your Azure website or Azure service, under the “configure” section there will be a certificates sub-section that will allow you to upload the cert.  If your website needs the rest of the certificate chain, these should have been provided in the email from the certifying authority, or you should be able to find instructions on the CA’s website about obtaining and uploading the cert.

blog comments powered by Disqus