Certificates for Microsoft Azure
Getting a certificate
Although Microsoft Azure does not allow you to create a certificate request or generate a private key, you can import a PKCS#12 file (.p12 or .pfx). This means that you need to generate your private key and your CSR with another tool.
You can use:
- Our tool, Keybot, to generate your PFX from your browser.
- Certreq, to generate your private key and your CSR on a server or a Windows workstation. You can then export your PFX.
- A temporary IIS site, on which you generate your CSR, then install the certificate and export your PFX.
- OpenSSL, to generate your private key and then build a PFX once the certificate has been delivered.
Application configuration
To be able to use your certificate, you need to configure your application to use HTTPS.
Start by editing your service definition file (CSDEF): add a Certificates section to your WebRole and set the name of your certificate, its store and its permissions.
<WebRole name="CertificateTesting" vmsize="Small">
  ...
  <Certificates>
    <Certificate name="SampleCertificate" storeLocation="LocalMachine" storeName="CA" permissionLevel="limitedOrElevated"/>
  </Certificates>
  ...
</WebRole>
In the Endpoints section, add an InputEndpoint entry for HTTPS.
<WebRole name="CertificateTesting" vmsize="Small">
  ...
  <Certificates>
    <Certificate name="SampleCertificate" storeLocation="LocalMachine" storeName="CA" permissionLevel="limitedOrElevated"/>
  </Certificates>
  ...
</WebRole>
Then, add a Binding element in your Sites section to link the Endpoint to the site.
<WebRole name="CertificateTesting" vmsize="Small">
  ...
  <Sites>
    <Site name="Web">
      <Bindings>
        <Binding name="HttpsIn" endpointName="HttpsIn"/>
      </Bindings>
    </Site>
  </Sites>
  ...
</WebRole>
In your service configuration file (CSCFG), ServiceConfiguration.Cloud.cscfg, add a Certificates section to the Role section. You will then need to get the Thumbprint (see external links) of your certificate. The following example uses a SHA1 thumbprint:
<Role name="Deployment">
  ...
  <Certificates>
    <Certificate name="SampleCertificate" thumbprint="9427befa18ec6865a9ebdc79d4c38de50e6316ff" thumbprintAlgorithm="sha1"/>
  </Certificates>
  ...
</Role>
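A pre-deployment check for the thumbprint entry above, as an added example (not part of the original page or of any Azure tooling): it recomputes the SHA-1 thumbprint from the certificate and compares it with each Certificate entry in the CSCFG. The function names are hypothetical, and SAMPLE_PEM is constructed placeholder data standing in for your delivered certificate.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

def cert_thumbprint(pem_text):
    """SHA-1 thumbprint: the SHA-1 digest of the certificate's DER bytes."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem_text, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(m.group(1).split()))
    return hashlib.sha1(der).hexdigest()

def check_cscfg(cscfg_xml, pem_by_name):
    """Return the problems found in the <Certificate> entries (empty list = OK)."""
    problems = []
    for el in ET.fromstring(cscfg_xml).iter():
        if el.tag.split("}")[-1] != "Certificate":  # ignore any XML namespace
            continue
        name = el.get("name")
        raw = el.get("thumbprint", "")
        if el.get("thumbprintAlgorithm") != "sha1":
            problems.append(f"{name}: thumbprintAlgorithm is not sha1")
        if not re.fullmatch(r"[0-9A-Fa-f]{40}", raw):
            # Spaces, colons or invisible marks pasted along with the hash
            problems.append(f"{name}: thumbprint is not 40 plain hex digits")
        if name not in pem_by_name:
            problems.append(f"{name}: no certificate file supplied")
        elif re.sub(r"[^0-9a-f]", "", raw.lower()) != cert_thumbprint(pem_by_name[name]):
            problems.append(f"{name}: thumbprint does not match the certificate")
    return problems

# Constructed sample: placeholder bytes in PEM armor, not a real certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(b"constructed placeholder, not a real certificate").decode()
              + "\n-----END CERTIFICATE-----\n")
CSCFG = ('<Role name="Deployment"><Certificates>'
         '<Certificate name="SampleCertificate" thumbprint="{tp}" '
         'thumbprintAlgorithm="sha1"/></Certificates></Role>')

if __name__ == "__main__":
    certs = {"SampleCertificate": SAMPLE_PEM}
    tp = cert_thumbprint(SAMPLE_PEM)
    print(check_cscfg(CSCFG.format(tp=tp), certs))
    # Same hash as copied from a Windows certificate dialog: leading U+200E and spaces
    pasted = "\u200e" + " ".join(re.findall("..", tp.upper()))
    print(check_cscfg(CSCFG.format(tp=pasted), certs))
```

To use it on real files, pass the text of ServiceConfiguration.Cloud.cscfg and a dictionary mapping each certificate name to the PEM text of the certificate you received.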
Sending your certificate to Azure
Azure portal
- On your portal, select your cloud service.
- Open the parameters, then select all parameters.
- Select Certificates, then send the file with its password.
- You can now access your application using HTTPS.
Classic Azure Portal
- Connect to your Azure portal.
- Select Cloud Services.
- Select your services.
- Click on the Certificates tab.
- Send your certificate file, enter its password, and confirm the form.
- You can now connect to your application using HTTPS.