Add a New Certificate to the Certificate Store
Updated: January 16, 2014
Before you can use a Windows Azure service certificate, you must upload it to a hosted service. The following image shows the process of adding a new .pfx certificate to a subscription's certificate store:
To add a new .pfx certificate to the Certificate Store
Export the certificate to a .pfx file. You can use either of these two options to export the certificate:
Use the Windows CertMgr.msc utility. The CertMgr utility exports a certificate file to a .pfx file with the private key. CertMgr is available as part of the Windows SDK or as part of the .NET Framework.
Use .NET APIs, from code or from PowerShell, to export a certificate file to a .pfx file with or without the private key.
The following sample PowerShell script shows how to export a certificate file:
$c = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("c:\mycert.cer") $bytes = $c.Export("Pfx","password") [System.IO.File]::WriteAllBytes("c:\mycert.pfx", $bytes)
- Use the Windows CertMgr.msc utility. The CertMgr utility exports a certificate file to a .pfx file with the private key. CertMgr is available as part of the Windows SDK or as part of the .NET Framework.
Upload the .pfx file to Windows Azure, either via the Windows Azure Management Portal or by using the Windows Azure Service Management API. The uploaded certificate can then be used by a service or simply stored in the certificate store.
If a certificate is part of a chain of certificates, best practices recommend uploading all of the certificates in the chain to Windows Azure. For more information on working with chained certificates, see the blog entry How to install a chained SSL certificate.
Note If you are using the Windows Azure Tools for Microsoft Visual Studio to add a certificate reference to your service, the list of certificates in a chain will be added to the service definition file for you. You must still upload the certificates to Windows Azure.
For development purposes, it may be helpful to generate a self-signed certificate. For additional details on creating a self-signed certificate, see Create a Service Certificate for Windows Azure.
To upload a certificate using the management portal
Log into the Management Portal.
In the navigation pane, click Cloud Services, and then click the service for which you want to add a new certificate.
On the ribbon, click Certificates, and then click Upload a Certificate.
In the Upload certificate dialog, click Browse For File, go to the directory containing your certificate, and select the .pfx or .cer file to upload.
If you are uploading a .pfx file, type the password of the private key for the certificate.