Use Certificates With a VM Role in Windows Azure
Updated: March 8, 2011
For a VM Role, you must have an x.509 certificate, saved as a .cer file (referred to as a management certificate in the Management Portal), which is needed to upload a VHD to Windows Azure. If you intend to remotely access the VM Role instance, you also need a Personal Information Exchange certificate, saved as a .pfx file (referred to as a cloud service certificate in the Management Portal).
You may also need certificates for applications that are running in the VM Role instances. Any certificates that are required when your application is running in VM Role instances must be added to the Windows Azure certificate store; you should not include them with your server image. To install certificates to role instances, you must define the LocalMachine store location in the service definition file. Windows Azure then adds the certificates for you. For more information about installing certificates to role instances, see Support for Certificate Installation in Install the Windows Azure Integration Components. For more information about the service definition, see Set Up a Cloud Service for Windows Azure.
You must create an x.509 certificate and add it as a management certificate to the Windows Azure Management Portal to provide authentication when you upload a VHD to Windows Azure. To create the certificate, see the Creating an X.509 certificate section of Create a Service Certificate for Windows Azure.
 Note |
|---|
| You must ensure that the extension of the certificate file is .cer to be added as a management certificate to the Management Portal. |
-
Log on to the Management Portal.
-
Click Settings, and then select the subscription to which you want to add the management certificate.
-
On the ribbon, click Upload.
-
Browse to the .cer file on your local computer, select the file, and then click
.
A cloud service certificate is not required to upload a VHD and run VM Role instances, but it is required if you want to remotely access the VM Role instance while it is running. To create the certificate, see the Creating a Personal Information Exchange certificate section of Create a Service Certificate for Windows Azure.
|
Note |
|---|
| You must ensure that the extension of the certificate file is .pfx to be added as a cloud service certificate to the Management Portal. |
-
Log on to the Management Portal.
-
Click Cloud Services, and then click the name of the service that will contain the VM Role.
-
In the details pane, click Certificates, and then on the ribbon, click Upload.
-
Browse to the .pfx file location on your local computer and select the file.
-
Type the password of the private key for the certificate, and then click
.
After you create and add certificates to the Management Portal, you can upload the VHD file to Windows Azure. To do this, see Upload a VHD for a VM Role in Windows Azure.
