How do I import a public certificate to Windows Azure?
-
14-11-2019 - |
Question
I am going to communicate from Windows Azure to another public web service through SSL. And the certificate on public web service is self-signed. Therefore I need to trust the public certificate on my Windows Azure.
How can I import the certificate (.cer) to Windows Azure? The management portal only allow import a certificate with private key.
Solution
This is actually an issue with the portal, not with azure itself. Go to the "Add Certificate" section in the portal, click the browse button, navigate to where your .cer file is. The files listed are filtered to .pfx files so you won't see the file you want to import, but, if you type in the name of the file it will work.
OTHER TIPS
This was an issue with the portal. I had thought it was fixed - apparently not. You can always convert the .cer to a .pfx as well (with a lame password). I run this from LINQPad:
void Main()
{
string file = @"C:\temp\deploy\dunnrydeploy.cer";
var cert = X509Certificate2.CreateFromCertFile(file);
var bytes = ((X509Certificate2)cert).Export(X509ContentType.Pfx, "p");
var fs = File.Create(@"C:\temp\deploy\foo.pfx");
using (fs)
{
fs.Write(bytes, 0, bytes.Length);
fs.Flush();
}
}
There are few blogs about how to do thsi - http://blogs.msdn.com/b/jnak/archive/2010/01/29/installing-certificates-in-windows-azure-vms.aspx
This uses manual XML entry for self signed certificates in the Role
<Certificate name="SelfSigned" storeLocation="CurrentUser" storeName="<enter a value>" />
Here is how I obtained a public certificate from a private key and uploaded into Azure.
1) Obtain the certificate using PowerShell:
PS C:\MyWebsite> $cert = New-SelfSignedCertificate -DnsName mycompany.com -CertStoreLocation "cert:\LocalMachine\My" -KeyLength 2048 -KeySpec "KeyExchange"
PS C:\MyWebsite> $password = ConvertTo-SecureString -String "mypassword" -Force -AsPlainText
PS C:\MyWebsite> Export-PfxCertificate -Cert $cert -FilePath ".\mycompany.pfx" -Password $password
2) Then upload the certificate in the portal:
For details please see https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-certs-create