Sunday, May 17, 2015

How to set up a custom SSL certificate in Azure Cloud Services

Hi All,

In this blog post, I provide a walk-through on how to set up a custom SSL certificate in an Azure cloud service. A cloud service project may have multiple web roles, and you may need to configure some or all of them with an SSL certificate.

Certificate authorities (CAs) don't provide a .pfx file that you can configure and upload to Windows Azure, so there is some work to do once you get the CA response, which in some cases comes in different formats for the SSL certificate.

For example, GoDaddy provides a zip file that contains a .crt file (the certificate response for your custom domain) and a .p7b file, which is the set of intermediate certificates used to chain your certificate to the GoDaddy root certificate.

Windows Azure SSL certificate requirements:

1) Windows Azure accepts only SSL certificates in the Personal Information Exchange format (.pfx).
2) The SSL certificate has to be a 2048-bit encryption certificate.

Every certificate authority (CA) requires you to generate a certificate signing request (CSR) before it issues an SSL certificate. Once you get the CA response, you will receive files in formats such as (*.crt).

How to convert a (*.crt) file into a (.pfx) file:

1) Open your IIS manager, click on your server in the left pane.
2) Click on "Complete Certificate Request".
3) Select the certificate .crt file, provide a friendly name and click on OK.


4) Double-click the generated .pfx file to import it into your computer's (CurrentUser) store.
5) Open the certificate manager by typing certmgr in the Run window.
6) Open your Personal store. You will see the imported certificate, with the same friendly name you gave it in IIS.
7) Right-click the certificate and click Export.

8) Make sure to select the option to export the private key, and save the generated SSL certificate as a .pfx file.
Note: remember the password you set for the file, since we will need it when we upload the SSL certificate to the Azure portal.

9) We will use this generated certificate file (.pfx) both to configure the cloud service and to upload to Windows Azure.

10) Log in to the Azure portal, click on your cloud service, and select the Certificates tab.
11) Upload the SSL certificate we generated, and type in the password you set when you exported the certificate in step #8.

12) The next steps associate the installed SSL certificate with a particular web role in the cloud service.
13) In the VS 2013 Solution Explorer window, double-click the web role you would like to associate the SSL certificate with.
14) Click on Add Certificate.
15) Add a name for your certificate and select the store location: CurrentUser.
16) Click the small button next to the thumbprint field and select the SSL certificate.
You don't need to copy the thumbprint value yourself; once you select the certificate, VS 2013 pulls this value and sets it in the field.
17) Click on the Endpoints tab, add a new endpoint using the https protocol, and select the certificate we previously added to the web role in the Certificates tab.



18) Save and deploy your cloud service, then test accessing the cloud service web role using https!
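
Before uploading the .pfx in step 11, it is worth checking that the exported file really contains the private key, meets the 2048-bit requirement, and is inside its validity period. The PowerShell below is an added example, not part of the original walk-through; the function name `Test-AzurePfx` and the sample path are hypothetical, and it treats 2048 bits as a minimum.

```powershell
# Added example, not from the original post. Test-AzurePfx and the sample
# path are hypothetical names. Requires Windows PowerShell 5.0 or later.
function Test-AzurePfx {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [System.Security.SecureString] $Password,
        [int] $MinimumKeySize = 2048   # assumption: 2048 is treated as a minimum
    )
    $file = (Resolve-Path $Path).ProviderPath

    # Throws if the password is wrong or the file is not a valid PFX.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file, $Password)
    try {
        # GetRSAPublicKey returns $null when the certificate does not use an RSA key.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
        $keySize  = if ($rsa) { $rsa.KeySize } else { 0 }
        $now      = Get-Date
        $problems = [System.Collections.Generic.List[string]]::new()

        if (-not $cert.HasPrivateKey) {
            $problems.Add('No private key: re-export and choose to export the private key (step 8).')
        }
        if ($keySize -lt $MinimumKeySize) {
            $problems.Add("RSA key size is $keySize bits; expected at least $MinimumKeySize.")
        }
        if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
            $problems.Add("Outside validity period ($($cert.NotBefore) to $($cert.NotAfter)).")
        }

        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint   # should match the value VS sets in step 16
            HasPrivateKey = $cert.HasPrivateKey
            KeySize       = $keySize
            NotAfter      = $cert.NotAfter
            Problems      = $problems.ToArray()
        }
    }
    finally { $cert.Dispose() }
}

# Usage (placeholder path); the password is read without being echoed:
#   $pw    = Read-Host -AsSecureString 'PFX password'
#   $check = Test-AzurePfx -Path 'C:\certs\mysite.pfx' -Password $pw
#   $check | Format-List
#   $check.Problems | ForEach-Object { Write-Warning $_ }
```

Since the .pfx carries the private key, keep it password-protected and remove stray copies from your workstation once the upload and deployment succeed.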


Enjoy!

