Azure Cloud Service deployment - Azure can't validate SSL certificate

Question

When trying to deploy my MVC application to Azure Cloud Services, deployment fails with the error "Azure failed to validate the specified certificate". As far as I can tell, I've set everything up correctly.

My cloud service is sitting in Azure at myapp.cloudapp.net. I've set up an A record on my own domain myapp@mydomain.com to point to the Azure cloud service. This works as expected.

Next in IIS on the Azure VM, I created a certificate request for myapp@mydomain.com, submitted this to my chosen CA and got a .crt certificate from them. Back in IIS, I completed the Certificate Request using the .crt certificate and placed into the Personal certificate store. I then exported a .pfx certificate from IIS.

I used the .pfx certificate to upload to the Azure portal as shown.

I also installed the .pfx certificate into the Personal certificate store on a developer machine used for Azure deployment.

In Visual Studio 2012, for the webrole, I selected my installed .pfx certificate and set it as the certificate for the HTTPS endpoint.

At this point I then attempt to deploy the site to Azure. After a while, the deployment fails in Visual Studio with the error "Azure failed to validate the specified certificate". Not quite sure where to go from there.

Since a previous version of the site is running in IIS on the Azure VM, manually editing the SSL binding to use the uploaded certificate works correctly but the deployment issue still remains.

Answer 1

In the end I opened a support ticket with the Azure team and over the course of a few hours we tracked down the issue to a missing certificate for the remote desktop add on to the web role.

The certificate thumbprint given by the team was one that wasn't present in the portal nor was it ever part of my solution. Unfortunately, this detail was only given by the team and isn't displayed when the deployment failed.

However, the solution was to remove the remote desktop add on, redeploy the service and re-enable remote desktop.

We have now been able to deploy using an HTTPS endpoint with no further issues.

Answer 2

Here is what you need to do:

1) Open the command prompt, type certmgr.msc

2) This will open the certificate manager on your machine.

3) Open Personal folder and try to locate the certificate.

4) Right click and select export.

5) Export the certificate with the private key and a password.

6) Go to Azure portal and re-upload the certificate.

7) After a successful upload to the certificate on cloud service, re-publish from VS.