Comment importer un certificat public à Windows Azure?
-
14-11-2019 - |
Question
Je vais communiquer de Windows Azure à un autre service Web public via SSL.Et le certificat sur le service Web public est auto-signé.Par conséquent, j'ai besoin de faire confiance au certificat public sur ma Windows Azure.
Comment puis-je importer le certificat (.cer) à Windows Azure?Le portail de gestion n'autorise qu'un certificat d'importation avec une clé privée.
La solution
This is actually an issue with the portal, not with azure itself. Go to the "Add Certificate" section in the portal, click the browse button, navigate to where your .cer file is. The files listed are filtered to .pfx files so you won't see the file you want to import, but, if you type in the name of the file it will work.
Autres conseils
This was an issue with the portal. I had thought it was fixed - apparently not. You can always convert the .cer to a .pfx as well (with a lame password). I run this from LINQPad:
void Main()
{
string file = @"C:\temp\deploy\dunnrydeploy.cer";
var cert = X509Certificate2.CreateFromCertFile(file);
var bytes = ((X509Certificate2)cert).Export(X509ContentType.Pfx, "p");
var fs = File.Create(@"C:\temp\deploy\foo.pfx");
using (fs)
{
fs.Write(bytes, 0, bytes.Length);
fs.Flush();
}
}
There are few blogs about how to do thsi - http://blogs.msdn.com/b/jnak/archive/2010/01/29/installing-certificates-in-windows-azure-vms.aspx
This uses manual XML entry for self signed certificates in the Role
<Certificate name="SelfSigned" storeLocation="CurrentUser" storeName="<enter a value>" />
Here is how I obtained a public certificate from a private key and uploaded into Azure.
1) Obtain the certificate using PowerShell:
PS C:\MyWebsite> $cert = New-SelfSignedCertificate -DnsName mycompany.com -CertStoreLocation "cert:\LocalMachine\My" -KeyLength 2048 -KeySpec "KeyExchange"
PS C:\MyWebsite> $password = ConvertTo-SecureString -String "mypassword" -Force -AsPlainText
PS C:\MyWebsite> Export-PfxCertificate -Cert $cert -FilePath ".\mycompany.pfx" -Password $password
2) Then upload the certificate in the portal:
For details please see https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-certs-create