Before we will come to know, how to create X.509 certificate for Windows Azure web Role, let us understand why we need a certificate for a role? It authenticates whether an operation on an azure subscription is authenticated or not? Certificates help us for Authentication.

There are two types of certificates

1. Management certificates

2. Service certificates

Management Certificates

This is subscription level certificate. It is independent of any particular hosted service. This stores the certificate for Windows Azure subscription.

X.509 certificates are example of this certificate.

Service certificates

This is hosted service lever certificates. This stores the service for a hosted service.

A personal information exchange certificate is example of this type of certificate.

To create a X.509 certificate, First step you need to do is Open Visual Studio command prompt. Go to Start and open Visual Studio 2010 Tools and select Visual Studio Command Prompt

clip_image001

If you want to explore different basic options available with makercert command.

Run the command

MakeCert -?

clip_image003

To create a certificate we can run the command with any combination of options available with MakeCert.exe .

I am creating a certificate here with the name debugmode.

clip_image004

In command prompt, it would look like,

clip_image006

Explanation of various options I am using in above command is as below,

-sky

Specifies the subject key type. It may be exchange type or signature type. It can be any integer type to represent a provider type.

-r

This option creates a self-signed certificate

-n

This option provides certificate name. Naming convention must adhere to X.509 certificate standard. The simplest way to provide certificate name is to put the name in double quotes as like “CN=Certificatename”

-pe

Allow the private key to be part of the certificate such that later it can be exported

-a

Specifies the algorithm type. It could be SHA1 or MD5 . By default it is MD5

-ss

Specifies certificate store name.

After running above command you can find a X.509 certificate with name debugmode has been created in the folder C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC.

Right click on the certificate and you will get an option to install certificate

clip_image007

If you select to install, certificate install wizard will get open to you.

clip_image008

Either you can choose the store for the certificate or leave wizard to search a store for you.

clip_image009

There is one more way to create X.509 certificate using IIS. Open Inetmgr

clip_image010

In center you will get an option of Server Certificates. Double click on that.

clip_image012

At left pane you will get option to create a server certificate. Select Create Self-Signed Certificate

clip_image013

Just follow the wizard to create the self-signed certificate

clip_image015

These are two ways to create X.509 certificates. Tune in for the next post.

Advertisements

11 thoughts on “Windows Azure for Developers Task 11: Create X.509 certificate for Windows Azure Web Role

  1. When I did this the certificate would not upload to Azure portal. Error stated a .CER file cannot be uploaded.

  2. When I did this with Visual Studio 2010 the certificate would not upload to Azure portal. Error stated a .CER file cannot be uploaded.

  3. Hi TOm ,

    Could you please tell me where you are trying to upload ? there are two location you can upload the certificae . For certificate with extension .Cer you can uplaod them only to Mange API certificate tab .. please revert if need any more calrification

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s