How to Configure Certificate-based Activation in Windows Azure Connect

Updated: April 25, 2013

The recommended way to implement cross-premises and hybrid scenarios is by using Windows Azure Virtual Network. Please see Windows Azure Virtual Network Overview for more information about Virtual Network.

Certificate based activation in Windows Azure provides an extra layer of security when installing a local endpoint. In most situations it is not necessary to use certificate based activation. Only use this feature if there is a concern that the installation link provided during the install process could be used by an unauthorized third party.

Certificate based activation uses a certificate authority to verify the machine certificate that is installed in the personal certificates store on the computer on which the endpoint is being installed.

Important
The certificate file used must be exported from a certificate authority certificate and not a .CER certificate used for purposes such as service management.

The general procedure for installing an endpoint using certificate based activation is as follows:

1. Export the certificate authority certificate to a .CER file as shown below.
   
   
2. Activate the certificate based activation option as shown below.
   
   
3. Install Windows Azure Connect endpoint as show in How to Install Local Endpoints with Windows Azure Connect.
   
   

To export a Certificate Authority certificate

1. Open the Certificate Manager snap-in for the management console by typing certmgr.msc in the Start menu textbox.

2. Expand Personal, click Certificates.

3. Right-click the certificate authority certificate to use for authentication.

4. Under All Tasks, click Export…

   This opens the Certificate Export Wizard.

5. Click Next. On Export Private Key select No, do not export the private key and click Next.

6. On Export File Format select DER encoded binary X.509 (.CER) and click Next.

7. On File to Export click Browse… and navigate to the location where you want to store the exported certificate. In File name: type a name for the exported certificate. Click Next.

8. Click Finish.

To enable certificate-based activation

1. Open the Management Portal for Windows Azure.

2. On the lower left, click Virtual Network.

   The Windows Azure Connect interface appears.

3. In the console tree, click the subscription on which to enable certificate-based activation.

4. With the subscription still selected, in the Manage area of the ribbon, click Activations Option.

5. On Configure Certificate Endpoint Activation select Require endpoints to use trusted certificate for activation.

6. Click Add…

7. Navigate to folder where the certificate file exported in the procedure is stored. Select the file and click Open.

8. Click OK.