

Getting SSL certificates to work

There are a number of useful informational articles out on the web on how to deal with SSL Certificates with Windows Azure.  The first few places to start are:

https://blogs.msdn.com/davethompson/archive/2009/11/24/add-ssl-security-to-your-azure-webrole.aspx
https://blogs.msdn.com/jnak/archive/2009/12/01/how-to-add-an-https-endpoint-to-a-windows-azure-cloud-service.aspx

There may be times, depending on the certificate you are trying to use, when these steps won’t be enough.  You may see an error like:

 At least one certificate specified in your service definition is not found.
Please upload these certificate(s), and then upload your application package again.
 - Dr. Watson Diagnostic ID: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Resolution

If you see something like this, and you are using a certificate from a third party, you may need to get the intermediate certificates installed as well.  One problem with some third parties is that they will not give you a .pfx file.  Since that is the only file type you can upload to Azure for certificates, you have to convert them.  All that is needed is to create a .NET application with the following code:

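using System.Security.Cryptography.X509Certificates;

// The path to the certificate.
string certificate = @"c:\test.cer";

// Load the certificate into an X509Certificate object.
X509Certificate cert = new X509Certificate(certificate);

// Export it in PKCS #12 (.pfx) format, protected with the given password.
byte[] certData = cert.Export(X509ContentType.Pkcs12, "Password");

// Write the exported bytes to the .pfx file.
System.IO.File.WriteAllBytes(@"c:\test.pfx", certData);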

Or you can do the same in PowerShell:

# Load the .cer file, export it as a password-protected .pfx, and write it to disk.
$c = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("c:\test.cer")
$bytes = $c.Export("Pfx", "Password")
[System.IO.File]::WriteAllBytes("c:\test.pfx", $bytes)

Running this creates a .pfx file for each certificate, which you can then import into Azure.  Just be sure to change the “Password” value and enter the same one on the dashboard for Azure.
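To find out which intermediate certificates a third-party certificate depends on and convert them in one pass, the following is an added example, not code from the original post. The function name `Export-ChainToPfx`, its parameters and the thumbprint-based file names are assumptions; it builds the chain from the local Windows certificate stores and takes the password as a SecureString instead of a literal.

```powershell
# Added example: the function name, parameters and output layout are hypothetical.
function Export-ChainToPfx {
    param(
        [Parameter(Mandatory)] [string] $CerPath,   # e.g. c:\test.cer
        [Parameter(Mandatory)] [string] $OutDir,    # existing folder for the .pfx files
        [Parameter(Mandatory)] [System.Security.SecureString] $Password
    )

    $ns   = 'System.Security.Cryptography.X509Certificates'
    $leaf = New-Object "$ns.X509Certificate2" ($CerPath)

    # Build the chain to enumerate the issuers. Revocation is not checked
    # because the goal is only to list the certificates, not to validate them.
    $chain = New-Object "$ns.X509Chain"
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    if (-not $chain.Build($leaf)) {
        # A failed build often means an issuer is missing from the local stores too.
        foreach ($s in $chain.ChainStatus) {
            Write-Warning "$($s.Status): $($s.StatusInformation.Trim())"
        }
    }

    $pfx = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx
    foreach ($element in $chain.ChainElements) {
        $cert = $element.Certificate

        # Skip the certificate we started from; only its issuers are exported here.
        if ($cert.Thumbprint -eq $leaf.Thumbprint) { continue }

        # Certificates loaded this way carry no private key, so each .pfx
        # holds the public certificate only.
        $path = Join-Path $OutDir "$($cert.Thumbprint).pfx"
        [System.IO.File]::WriteAllBytes($path, $cert.Export($pfx, $Password))

        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            SelfSigned = ($cert.Subject -eq $cert.Issuer)   # true for a root
            PfxPath    = $path
        }
    }
}

# Usage (prompts for the password so it never appears in the script or history):
# Export-ChainToPfx -CerPath c:\test.cer -OutDir c:\certs `
#     -Password (Read-Host -AsSecureString 'PFX password')
```

The thumbprints it lists are the values to compare against the certificates referenced in your service definition.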