Creating an X.509 certificate for Windows Azure


I always forget the command line to do this, so I’m going to post it in my own blog.

To give the certificate a specific name, so that you can find it within Windows Azure after it is registered, use the Certificate Creation Tool (makecert.exe) to create the X.509 certificate:

- Open the Visual Studio Command Prompt window as an administrator.

- Change the directory to the location where you want to save the certificate file.

- Type the following command:

makecert -sky exchange -r -n "CN=MyCertificateName" -pe -a sha1 -len 2048 -ss My "MyCertificateName.cer"

Where MyCertificateName is the name that you want to use for the certificate. The output file must have a .cer extension.

- After generating the .cer, you must install it on your machine if you want to use it for Windows Azure signing, etc.

To do so, it must be installed under ‘Certificates (Local Computer) –> Personal –> Certificates’.

You can do this using the Certificates Snap-in, you know, mmc.exe –> Add Snap-in –> Certificates –> Local Computer, etc.

After registering the certificate on your machine, you might want to export it (from the Certificates Snap-in) as a .PFX file, including the private key and protected with a password. You might need this in order to install it into Windows Azure.
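
The same procedure scripted in PowerShell, as an added example that is not from the original post: it creates the certificate directly in the Local Computer Personal store, then exports the public .cer and the password-protected .pfx. The one-year validity, the output directory and the SHA256 hash (the makecert command above uses sha1) are assumptions of this example.

```powershell
# Run in an elevated PowerShell session: writing to Cert:\LocalMachine needs admin rights.
$name    = 'MyCertificateName'          # same placeholder name as the makecert command
$outDir  = (Get-Location).Path          # assumption: export into the current directory
$cerPath = Join-Path $outDir "$name.cer"
$pfxPath = Join-Path $outDir "$name.pfx"

$params = @{
    Subject           = "CN=$name"                 # makecert: -n "CN=..."
    CertStoreLocation = 'Cert:\LocalMachine\My'    # Local Computer -> Personal
    KeySpec           = 'KeyExchange'              # makecert: -sky exchange
    KeyLength         = 2048                       # makecert: -len 2048
    KeyExportPolicy   = 'Exportable'               # makecert: -pe
    HashAlgorithm     = 'SHA256'                   # assumption; the page's command uses sha1
    NotAfter          = (Get-Date).AddYears(1)     # assumption: one-year validity
}
$cert = New-SelfSignedCertificate @params

# The PFX export is only useful if the private key is present in the store.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key"
}

# Public part only: this is the file that gets uploaded or registered.
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Private key included: prompt for the password instead of hard-coding it.
$password = Read-Host -Prompt 'PFX password' -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $password | Out-Null

# Check that the .cer really carries no private key before handing it out.
$public = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerPath
if ($public.HasPrivateKey) {
    throw "$cerPath unexpectedly contains a private key"
}

# The thumbprint is what identifies the certificate after registration.
'{0}  {1}' -f $cert.Thumbprint, $cert.Subject
```

The .pfx contains the private key, so store it and its password with the same care as any other credential.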

Comments (2)

  1. Hi,

    I have a problem with the certificate on my Customer portal for CRM 2011 Online. The portal is on Windows Azure and working OK.

    LiveID or Google login with ACS hew finish with this error.

    I can not find the reason for errors.

    Thanks for your help

    Martin

    Server Error in '/' Application.


    The X.509 certificate CN=smacs1.accesscontrol.windows.net is not in the trusted people store. The X.509 certificate CN=smacs1.accesscontrol.windows.net chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.IdentityModel.Tokens.SecurityTokenValidationException: The X.509 certificate CN=smacs1.accesscontrol.windows.net is not in the trusted people store. The X.509 certificate CN=smacs1.accesscontrol.windows.net chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

    Source Error:

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.  

    Stack Trace:

    [SecurityTokenValidationException: The X.509 certificate CN=smacs1.accesscontrol.windows.net is not in the trusted people store. The X.509 certificate CN=smacs1.accesscontrol.windows.net chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

    ]

      System.IdentityModel.Selectors.PeerOrChainTrustValidator.Validate(X509Certificate2 certificate) +958412

      Microsoft.IdentityModel.X509CertificateValidatorEx.Validate(X509Certificate2 certificate) +275

      Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateToken(SecurityToken token) +472

      Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token) +117

      Microsoft.Xrm.Portal.IdentityModel.Web.Modules.WSFederationAuthenticationModuleExtensions.GetClaimsPrincipal(WSFederationAuthenticationModule fam, HttpContext context) +218

      Microsoft.Xrm.Portal.IdentityModel.Web.Modules.WSFederationAuthenticationModuleExtensions.GetSessionSecurityToken(WSFederationAuthenticationModule fam, HttpContext context, String& identityProvider, String& userName, String& email, String& displayName, String emailClaimType, String displayNameClaimType, String identityProviderClaimType) +150

      Microsoft.Xrm.Portal.IdentityModel.Web.Handlers.FederationAuthenticationHandler.GetSessionSecurityToken(HttpContext context, WSFederationAuthenticationModule fam, IDictionary`2 signInContext, String& identityProvider, String& userName, String& email, String& displayName) +288

      Microsoft.Xrm.Portal.IdentityModel.Web.Handlers.FederationAuthenticationHandler.TryHandleSignInResponse(HttpContext context, WSFederationAuthenticationModule fam, IDictionary`2 signInContext) +199

      Microsoft.Xrm.Portal.IdentityModel.Web.Handlers.FederationAuthenticationHandler.TryHandleSignInResponse(HttpContext context, WSFederationAuthenticationModule fam) +120

      Microsoft.Xrm.Portal.IdentityModel.Web.Handlers.FederationAuthenticationHandler.ProcessRequest(HttpContext context) +530

    [FederationAuthenticationException: Federated sign-in error.]

      Microsoft.Xrm.Portal.IdentityModel.Web.Handlers.FederationAuthenticationHandler.ProcessRequest(HttpContext context) +1204

      System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +625

      System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +270

    1. Hemant says:

      I am getting a similar error. Did you get the solution for this? Share your experience.
