How To Enable SSL on Windows Azure
As part of our Azure Security Guidance project, we tested setting up SSL during our exploration. To do so, we created a self-signed certificate and deployed it to Azure. This is a snapshot of the rough steps we used:
- Step 1 - Create and Install a test certificate
- Step 2 - Create a Visual Studio project
- Step 3 - Upload the certificate to Windows Azure Management portal
- Step 4 - Publish the project to Windows Azure
- Step 5 - Test the SSL
Step 1 - Create and Install a test certificate
- Open a Visual Studio command prompt
- Change your active directory to the location where you wish to place your certificate files
- Enter the following 2 commands
makecert -r -pe -n "CN=AzureSSL" -sky 1 "azuressl.cer" -sv "azuressl.pvk" -ss My
pvk2pfx -pvk "azuressl.pvk" -spc "azuressl.cer" -pfx "azuressl.pfx" -pi password1
Note - You can find an explanation of the command line arguments for makecert.exe and pvk2pfx.exe on MSDN.
Step 2 - Create a Visual Studio project
- File, New Project
- Select "Cloud" from "Installed Templates" list on left
- Type "AzureSSL" for name, and hit OK
- Select Web Role from the list, and ">" to add to solution
- Click OK
- Right-click \Solution\AzureSSL\Roles\WebRole1, and select "Properties"
- Select "Certificates" tab on left
- Click "Add Certificate" button on top bar
- Change "Store Location" drop-down to "CurrentUser"
- Click "..." button under Thumbprint
- Select AzureSSL cert from list and click OK
- Select "Endpoints" tab on left
- Enable the "HTTPS:" checkbox
- Select "Certificate1" from the SSL certificate name drop-down
Step 3 - Upload the certificate to Windows Azure Management portal
- Open https://windows.azure.com
- Select the Service you will deploy to, or create one if necessary
- At the bottom of the management page, find the Certificates area, and click the "Manage" link on the right
- Hit the "browse" button and select the PFX file created in step 1
- Enter "passWord1" and confirm it in the password textboxes
- Click "Upload"
Step 4 - Publish the project to Windows Azure
- In your Visual Studio project from step 2, right click \Solution\AzureSSL and select "Publish"
- In the Windows Explorer window that pops up, copy the path to the directory displayed into the clipboard
- Switch to your browser with the Windows Azure Management portal open
- If you are still in the manage certificates screen, return to the service management screen
- Click the "Deploy" button
- Under "Application Package" area, select the "Browse" button
- In file open dialog that pops up, paste the path from your clipboard to navigate to your VS package
- Select the AzureSSL.cspkg, and click "Open"
- Under the "Configuration Settings" area, select the "Browse" button
- Select the ServiceConfiguration.cscfg file, and click "Open"
- At the bottom of the Deploy screen, enter AzureSSL in the textbox
- Click "Deploy"
- When the deployment completes, click the "Run" button
Step 5 - Test the SSL
- Once the Web Role has completed initializing, click on the "Web Site URL" link
- Change the URL scheme to HTTPS (in other words change http to https), and open the page
Your results may vary here based on your browser, but you'll most likely see a warning about the certificate being for a different site, or not being from a trusted source. If you permit access to the site, the page will render empty and you browser should indicate that the page was delivered over SSL with a lock icon or something similar.
My Related Posts