Complete Solution: Adding SSL Certificate with Windows Azure Application
First of all you will need to get
SSL certificate from a certificate authority (CA) for your domain i.e. www.yourcompanydomain.com. Please
be sure that you are not going to request SSL certificate for cloudapp.net as
this is not your domain, your service is hosted there. You will have to
register your actual domain i.e. www.yourcompanydomain.com
at a domain register service of your choice. After it, you will request SSL
certificate for the same domain i.e. www.yourcompanydomain.com
from a Certificate Authority of your choice.
I have categorized this process
in 4 steps as below:
1.
Create CSR for your
domain and getting SSL Certificates from your desired CA
2.
Installing SSL certificates
in your development Machine
3.
Uploading SSL certificates
on Windows Azure Portal for your Service and including in your HTTPS endpoint
4.
Setting up proper
CNAME entry for your domain in DNS register
Step 1: Create CSR for your domain and getting SSL
Certificates from your desired CA
You can use IIS7 (Either from
Windows Server 2003/2008 or Window XP) to generate a certificate request for
your domain and use the CA to get the SSL certificates from your CA. So far I
know, IIS7x running on Windows 7 does not allows to generate CSR. To get the
SSL certificate for your domain you will need to pass a CSR request to your CA
and you can use IIS server to create CSR request.
-
For IIS server 7.x
please use the following details:
https://www.digicert.com/csr-creation-microsoft-iis-7.htm
-
For IIS server 5.x
and 6.x please use the following details:
https://www.networksolutions.com/support/csr-for-microsoft-iis-5-x-6-x/
Step 2: Installing SSL certificates in your development
Machine
In most of the cases you will
receive minimum 3 certificate from your CA or may be more:
1.
Domain Certificate
2.
Root Certificate
3.
Intermediate
certificate
You will received these
certificates either separate PFX files or chained into one PFX certificate file.
I have seen most of the time, 1 PFX file has all the certificates in it. You
will also need to download a few CER files from the CA as well. Once you have
all the files please install all of these certificates (PFX and CER) in your
development machine. Once you have installed all necessary certificates in your
development machine you will be able to verify your domain correctly with proper
root certificate and intermediate certificate. You will see your domain
certificate and chained intermediate certificate, stored into your machine account
personal storage however the root certificate will be stored in privilege root
storage. This step will also help you to select and include all the necessary certificates
in your Windows Azure Application configuration and setup HTTPS Endpoint.
Step 3: Uploading SSL certificates on Windows Azure
Portal for your Service and including in your HTTPS endpoint
After you installed these
certificate in your development machine, you will need to upload these SSL
certificates (all) to certificates section inside your Service on Windows Azure
Portal. You also needs to include all the certificates inside your Service
Configuration file as described in following blog:
Step 4: Setting up
proper CNAME entry for your domain in DNS register
Finally, once you
have the SSL certificate setup correctly in Windows Azure Portal and in your
HTTPS Endpoint and Service Configuration file, you just need to add CNAME entry
in your DNS service to route it correctly. To setup proper CNAME entry please
follow:
https://blog.smarx.com/posts/custom-domain-names-in-windows-azure