Create a Management Certificate for Windows Azure

Updated: May 14, 2013

A Windows Azure management certificate is an X.509 v3 certificate used to authenticate an agent, such as Visual Studio Tools for Windows Azure or a client application that uses the Service Management API, acting on behalf of the subscription owner to manage subscription resources. Windows Azure management certificates are uploaded to Windows Azure and stored at the subscription level. The management certificate store can hold up to 100 certificates per subscription. These certificates are used to authenticate your Windows Azure deployment.

Management certificates must have a key length of at least 2048 bits and should reside in the Personal certificate store. When the certificate is installed on the client, it should contain the private key of the certificate. To upload to the certificate to the Windows Azure Management Portal, you must export it as a .cer format file that does not contain the private key.

To create your own self-signed management certificates, open a Visual Studio command prompt and execute the following command:

msdos

makecert -sky exchange -r -n "CN=<CertificateName>" -pe -a sha1 -len 2048 -ss My "<CertificateName>.cer"

For more complete information on generating a certificate, see Create a Service Certificate for Windows Azure.

Warning
The private key associated with certificate should be maintained in a secure location. After the .cer file is uploaded, anyone who has the private key can use the Service Management API to control the hosted service. This includes creating, deleting, and modifying services and storage accounts on your subscription that are associated with certificate.

See Also

Concepts

Manage Certificates in Windows Azure