Can I create a self-signed SSL certificate for Windows Azure using only makecert.exe?

Question

Background: I need to test an https endpoint for a WebRole on Windows Azure. For that I need to upload a self-signed certificate, add the certificate's thumbprint to the WebRole's configuration and finally associate the endpoint with that configured certificate.

I created a self-signed certificate using makecert.exe, which is available through the Visual Studio Command Prompt. I used the following command:

makecert.exe -r -pe -n "CN=test.cloudapp.net" -sky exchange -ss my -len 2048 test.pfx

The command succeeds and I can upload the certificate file to the Windows Azure hosted service. But deployment of the WebRole fails with the following error:

Certificate with thumbprint 6AB... associated with HTTPS input endpoint Endpoint2 does not contain private key.

I have to export the certificate from the my store, and choose to include the private key and provide a password. If I upload this exported certificate file and use its thumbprint, then deployment succeeds.

I want to create a certificate file that includes the private key, without first saving the certificate to any store and exporting it from the store. Is that possible using makecert.exe?

Answer 1

To create a certificate without saving it to any store you'll need to use pvk2pfx.exe (available through the Visual Studio Command Prompt).

It works like this:

makecert.exe -sv CertKey.pvk -n "CN=My Azure Certificate" CertKey.cer
pvk2pfx.exe -pvk CertKey.pvk -spc CertKey.cer -pfx MyPFX.pfx -po yourPasswordHere

Running makecert.exe will aks you for a password for the private key. You'll need to enter that password for the -po argument of the pvk2pfx.exe command.

Finally you'll have a pfx file (containing private key) named MyPFX.pfx