Articles in Root

Share Via Email

Impementing SSL in the Windows Azure Platform

Solution

First you must obtain a PKCS#12 file.  This is a file that contains both the public and private key of a certificate in a single file.  The recommended way of creating this is using Internet Information Services.

IIS 5 or IIS 6

https://support.quovadisglobal.com/KB/a32/how-do-i-generate-csr-on-microsoft-iis-5-iis-6-a-new-website.aspx
https://support.quovadisglobal.com/KB/a44/how-do-i-install-an-ssl-certificate-onto-microsoft.aspx

IIS 7

https://support.quovadisglobal.com/KB/a20/how-do-i-generate-a-csr-on-microsoft-iis-7.aspx
https://support.quovadisglobal.com/KB/a95/how-do-i-install-an-ssl-certificate-into-microsoft-iis-7.aspx

Exporting to *.pfx

https://support.quovadisglobal.com/KB/a46/exporting-a-pfx-using-mmc.aspx

Prerequisites

Create an application in Visual Studio for the Windows Azure Platform.
Note: You may need to install the SSL Certificate at the local user level in order for Visual Studio to recognize it in the properties dialog.

Assigning The Certificate To Your Application

In Solution Explorer, expand the Roles node in your project, double-click the MyTodo.WebUx role to open its properties window, and then switch to the Certificates tab in Visual Studio.
Click on Add Certificate at the top.  Provide a friendly name for the certificate.
Select your SSL certificate from the list and click on OK.  Chose LocalMachine as the store location.

Assigning Your Application An Endpoint

In the MyTodo.WebUx [Role], click on the Endpoints tab on the left in Visual Studio.
Click on Add Endpoint at the top.
Add an Endpoint and select the HTTPS checkbox.  Enter in the port 443 and select your SSL certificate from the drop down menu.

Installing Your SSL Certificate Into the Azure

Log into Windows Azure Platform at http://windows.azure.com.
Click on the Hosted Services, Storage Accounts & CDN link in the lower left pane.
Click on the Hosted Services node on the upper part of the left pane and then select Certificates (located under the MyToDo Service.
Click on the Add Certificate button at the top in the ribbon.
Click on the Browse ... button and navigate to your pfx file.
In the Password field, enter in the password that was set when exporting the certificate.
You will see that your certificate has been loaded in the Certificates folder.

Publish and deploy your application to the Windows Azure Platform using your preferred method.  Once it is deployed, start it and wait for the status to be Ready.

Navigate to your application.

Creating A CNAME

When you access your application, it will redirect to the Windows Azure Platform URL in the cloud.  This will cause a mismatch error in your certificate.  In order to get around this, you must create a CNAME entry that matches your SSL Certificate Common Name to the Windows Azure Platform URL.

Legal


DigiCert is the world’s premier provider of high-assurance digital certificates—providing trusted SSL, private and managed PKI deployments, and device certificates for the emerging IoT market. Since our founding almost fifteen years ago, we’ve been driven by the idea of finding a better way. A better way to provide authentication on the internet. A better way to tailor solutions to our customer’s needs.

© 2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.