Before we look at how to create an X.509 certificate for a Windows Azure web role, let us understand why a role needs a certificate. A certificate is used to verify whether an operation on an Azure subscription is authenticated. In short, certificates are used for authentication.
There are two types of certificates:
1. Management certificates
2. Service certificates
Management Certificates
This is a subscription-level certificate. It is independent of any particular hosted service. It stores the certificate for the Windows Azure subscription.
An X.509 certificate is an example of this type of certificate.
Service certificates
This is a hosted-service-level certificate. It stores the certificate for a hosted service.
A personal information exchange certificate is an example of this type of certificate.
To create an X.509 certificate, the first step is to open the Visual Studio command prompt. Go to Start, open Visual Studio 2010 Tools and select Visual Studio Command Prompt.
If you want to explore the basic options available with the MakeCert command, run the command
MakeCert -?
To create a certificate, we can run the command with any combination of the options available in MakeCert.exe.
I am creating a certificate here with the name debugmode.
In command prompt, it would look like,
The options I am using in the above command are explained below:
| Option | Description |
| --- | --- |
| -sky | Specifies the subject key type. It may be the exchange type or the signature type, or an integer that represents a provider type. |
| -r | Creates a self-signed certificate. |
| -n | Provides the certificate name. The name must adhere to the X.509 certificate standard. The simplest way to provide the certificate name is to put it in double quotes, as in "CN=Certificatename". |
| -pe | Allows the private key to be part of the certificate so that it can be exported later. |
| -a | Specifies the algorithm type. It can be SHA1 or MD5. By default it is MD5. |
| -ss | Specifies the certificate store name. |
After running the above command, you can find an X.509 certificate named debugmode in the folder C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC.
Right-click the certificate and you will get an option to install it.
If you choose to install it, the certificate install wizard opens.
You can either choose the store for the certificate yourself or let the wizard select a store for you.
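Once the certificate is installed, the properties controlled by the options above (-r, -a, -pe) can be checked from PowerShell. This is an added example, not part of the original post; the function name, the store path Cert:\CurrentUser\My and the subject CN=debugmode are assumptions to adjust to your setup.

```powershell
# Added example: report, for matching certificates in a store, the properties
# that the MakeCert options -r, -a and -pe control.
function Test-SelfSignedCertificate {
    [CmdletBinding()]
    param(
        # Assumed store; use the store given to -ss or chosen in the wizard.
        [string]$StorePath = 'Cert:\CurrentUser\My',
        # Assumed subject, based on the certificate name used in this post.
        [string]$Subject = 'CN=debugmode'
    )

    # Signature hashes that are collision-broken and should be flagged.
    $weakHashes = 'md5', 'sha1'

    $matches = @(Get-ChildItem -Path $StorePath |
        Where-Object { $_.Subject -eq $Subject })

    if ($matches.Count -eq 0) {
        Write-Warning "No certificate with subject '$Subject' in $StorePath"
        return
    }

    foreach ($cert in $matches) {
        # FriendlyName looks like md5RSA, sha1RSA or sha256RSA on Windows.
        $sigAlg = $cert.SignatureAlgorithm.FriendlyName
        $weak = $false
        foreach ($h in $weakHashes) {
            if ($sigAlg -like "$h*") { $weak = $true }
        }

        [pscustomobject]@{
            Thumbprint         = $cert.Thumbprint
            Subject            = $cert.Subject
            # Heuristic: a self-signed certificate names itself as issuer.
            SelfSigned         = ($cert.Subject -eq $cert.Issuer)
            SignatureAlgorithm = $sigAlg
            WeakSignatureHash  = $weak
            HasPrivateKey      = $cert.HasPrivateKey
            NotAfter           = $cert.NotAfter
            Expired            = ($cert.NotAfter -lt (Get-Date))
        }
    }
}

Test-SelfSignedCertificate | Format-List
```

A certificate created with the default -a value described above shows WeakSignatureHash as True.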
There is one more way to create an X.509 certificate: using IIS. Open Inetmgr.
In the center pane you will see the Server Certificates option. Double-click it.
In the left pane you will get an option to create a server certificate. Select Create Self-Signed Certificate.
Just follow the wizard to create the self-signed certificate.
These are two ways to create X.509 certificates. Tune in for the next post.