5

I am going to communicate from Windows Azure to another public web service through SSL. And the certificate on public web service is self-signed. Therefore I need to trust the public certificate on my Windows Azure.

How can I import the certificate (.cer) to Windows Azure? The management portal only allow import a certificate with private key.

Wayne
  • 681
  • 1
  • 6
  • 14

4 Answers4

5

This is actually an issue with the portal, not with azure itself. Go to the "Add Certificate" section in the portal, click the browse button, navigate to where your .cer file is. The files listed are filtered to .pfx files so you won't see the file you want to import, but, if you type in the name of the file it will work.

knightpfhor
  • 9,299
  • 3
  • 29
  • 42
  • I still get an error message when attempting to upload a .cer, along the lines of: PFX Certificate File "blah.cer" Choose file File must be a PFX Certificate Validation error for blah.cer. Details: File extension for blah.cer is not present in the allowed file extensions list - "pfx" – Shiraz Aug 16 '17 at 17:55
  • That's interesting. I just went and tried this again in the current portal (which is quite different to the portal when I first wrote this answer). Now it seems to show both .cer and .pfx and I was able to upload a .cer file without a problem. Are you trying this for a Cloud Service or for a different Azure service? – knightpfhor Aug 20 '17 at 23:12
1

This was an issue with the portal. I had thought it was fixed - apparently not. You can always convert the .cer to a .pfx as well (with a lame password). I run this from LINQPad:

void Main()
{
    string file = @"C:\temp\deploy\dunnrydeploy.cer";
    var cert = X509Certificate2.CreateFromCertFile(file);

    var bytes = ((X509Certificate2)cert).Export(X509ContentType.Pfx, "p");

    var fs = File.Create(@"C:\temp\deploy\foo.pfx");

    using (fs)
    {
        fs.Write(bytes, 0, bytes.Length);
        fs.Flush();
    }
}
dunnry
  • 6,858
  • 1
  • 20
  • 20
0

Here is how I obtained a public certificate from a private key and uploaded into Azure.

1) Obtain the certificate using PowerShell:

PS C:\MyWebsite> $cert = New-SelfSignedCertificate -DnsName mycompany.com -CertStoreLocation "cert:\LocalMachine\My" -KeyLength 2048 -KeySpec "KeyExchange"
PS C:\MyWebsite> $password = ConvertTo-SecureString -String "mypassword" -Force -AsPlainText
PS C:\MyWebsite> Export-PfxCertificate -Cert $cert -FilePath ".\mycompany.pfx" -Password $password

2) Then upload the certificate in the portal:

enter image description here

For details please see https://learn.microsoft.com/en-us/azure/cloud-services/cloud-services-certs-create

user8128167
  • 6,929
  • 6
  • 66
  • 79
0

There are few blogs about how to do thsi - http://blogs.msdn.com/b/jnak/archive/2010/01/29/installing-certificates-in-windows-azure-vms.aspx

This uses manual XML entry for self signed certificates in the Role

   <Certificate name="SelfSigned" storeLocation="CurrentUser" storeName="<enter a value>" />
Stuart
  • 66,722
  • 7
  • 114
  • 165