Exercise 1: Creating and Managing the Certificates

Task 1 – Creating the Certificates

A self-signed certificate is an identity certificate signed by its own creator: the party that created the certificate also vouches for its legitimacy, rather than a separate certification authority. In this exercise, you will create three certificates: the signing certificate, the client certificate and the server certificate. Only the signing certificate is self-signed; the client and server certificates are issued (signed) by it, so anything that trusts the signing certificate will also trust them.

  1. Log into your Windows Azure Portal at https://windows.azure.com
  2. Click New Hosted Service

    Figure 1

    Windows Azure Ribbon menu

  3. Create a new hosted service as follows:

    Note:
    Use a unique name and URL prefix for your service, and ensure that Do not deploy is selected as the deployment option. This option only reserves the name and the URL of your service; the URL is needed to create the server certificate.

    Figure 2

    Create a New Hosted Service

  4. Click OK.
  5. Wait for a few minutes until the new hosted service is created and ready.
  6. Open the Visual Studio 2010 Command Prompt.

    Figure 3

    Windows Start menu

  7. Create the signing certificate and store it in the machine root by running the following command:

    makecert -r -pe -a sha1 -n "CN=azurehol2011_ca" -ss Root -sr LocalMachine -len 2048 -sp "Microsoft Enhanced RSA and AES Cryptographic Provider" -sy 24 azurehol2011_ca.cer

    Note:
    azurehol2011_ca.cer is the file name of the certificate file written to disk and azurehol2011_ca is the certificate common name (CN). The -r switch makes this certificate self-signed, -pe marks its private key as exportable, and -ss Root -sr LocalMachine places it in the Local Computer Trusted Root Certification Authorities store.

  8. Create a client certificate and store it in the personal certificate store by running the following command:

    makecert -pe -n "CN=Azure HOL Client Certificate, O=My Company Name" -ss my -sr CurrentUser -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.2 -in "azurehol2011_ca" -is Root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12

    Note:
    The azurehol2011_ca in the above command should match the common name (CN) of the signing certificate from step 7. The -eku value 1.3.6.1.5.5.7.3.2 is the Client Authentication enhanced key usage.

    Figure 4

    Visual Studio Command Prompt

  9. Replace [Your Hosted Service] in the command below with the URL prefix of the Azure service (ex: azureholusingcerts). Create a server certificate and store it in the machine personal store by running the following command:

    makecert -pe -n "CN=[Your Hosted Service].cloudapp.net" -ss my -sr LocalMachine -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -in "azurehol2011_ca" -is Root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 azurehol2011_server.cer

    Note:
    The azurehol2011_ca in the above command should match the common name (CN) of the signing certificate from step 7. The -eku value 1.3.6.1.5.5.7.3.1 is the Server Authentication enhanced key usage.

    Figure 5

    Azure Command
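The following PowerShell script is an added check, not part of the lab or of the makecert tool. It reads the three certificates back out of the Windows certificate stores where the commands above placed them and verifies the properties the WCF service will rely on: that the signing certificate is self-signed and has its private key, that the client and server certificates chain to it, and that each carries the intended enhanced key usage. It uses the lab's certificate names; `$HostedService` is a placeholder that you must replace with your own URL prefix, and the function names are this script's own.

```powershell
# Added verification script (not part of the lab). Reads back the three
# certificates created by the makecert commands above and checks the
# properties the WCF service depends on. $HostedService is a placeholder.
$HostedService = '[Your Hosted Service]'          # placeholder, as in the lab
$CaName        = 'azurehol2011_ca'
$ClientName    = 'Azure HOL Client Certificate'
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'              # EKU given to the client certificate
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'              # EKU given to the server certificate

function Get-LabCert([string]$StorePath, [string]$Cn) {
    # Newest certificate whose subject starts with the CN (re-running makecert creates duplicates)
    $c = Get-ChildItem $StorePath |
         Where-Object { $_.Subject -like "CN=$Cn*" } |
         Sort-Object NotAfter -Descending | Select-Object -First 1
    if (-not $c) { throw "No certificate with CN=$Cn in $StorePath" }
    return $c
}

function Test-Eku($Cert, [string]$Oid) {
    # True when the certificate's Enhanced Key Usage extension lists the OID
    $ext = $Cert.Extensions |
           Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if (-not $ext) { return $false }
    return [bool]($ext.EnhancedKeyUsages | Where-Object { $_.Value -eq $Oid })
}

function Test-IssuedByCa($Cert, $Ca) {
    # Build the chain with the Windows chain engine and require it to end at the lab CA
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # makecert certificates carry no CRL distribution point
    $built = $chain.Build($Cert)
    $root  = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    return ($built -and ($root.Thumbprint -eq $Ca.Thumbprint))
}

$ca     = Get-LabCert 'Cert:\LocalMachine\Root' $CaName
$client = Get-LabCert 'Cert:\CurrentUser\My'    $ClientName
$server = Get-LabCert 'Cert:\LocalMachine\My'   "$HostedService.cloudapp.net"

$checks = [ordered]@{
    'CA is self-signed (subject equals issuer)' = ($ca.Subject -eq $ca.Issuer)
    'CA private key is in the store'            = $ca.HasPrivateKey
    'Client chains to the lab CA'               = (Test-IssuedByCa $client $ca)
    'Client has Client Authentication EKU'      = (Test-Eku $client $ClientAuthOid)
    'Client lacks Server Authentication EKU'    = (-not (Test-Eku $client $ServerAuthOid))
    'Client private key is in the store'        = $client.HasPrivateKey
    'Server chains to the lab CA'               = (Test-IssuedByCa $server $ca)
    'Server has Server Authentication EKU'      = (Test-Eku $server $ServerAuthOid)
    'Server CN matches the hosted service URL'  = ($server.Subject -like "CN=$HostedService.cloudapp.net*")
    'Server private key is in the store'        = $server.HasPrivateKey
}
foreach ($k in $checks.Keys) {
    '{0} {1}' -f ($(if ($checks[$k]) { 'PASS' } else { 'FAIL' }), $k)
}
# The lab's -a sha1 yields SHA-1 signatures; report them so the certificates are not reused outside the lab
'Signature algorithms: CA={0} client={1} server={2}' -f $ca.SignatureAlgorithm.FriendlyName,
    $client.SignatureAlgorithm.FriendlyName, $server.SignatureAlgorithm.FriendlyName
```

Run it in the same Visual Studio Command Prompt session (or any PowerShell window) after step 9; every line should read PASS. Two points worth keeping in mind: the signing certificate now sits in the Local Computer Trusted Root store together with its private key, so every application on that machine trusts anything it signs, and it should be deleted from that store once the lab is over; and `-a sha1` was the lab's choice for 2011, so for anything beyond the lab use the SHA-256 option that later makecert versions accept.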

Task 2 – Managing the Certificates

  1. Click Windows Start, type MMC, and then click mmc.exe.

    Figure 6

    Windows Start menu

  2. On the File menu, click Add/Remove Snap-in.
  3. Select Certificates and click the Add button.


    Figure 7

    Add or Remove Snap-ins Dialog

  4. Select My user account and then click Finish.
  5. In the Add or Remove Snap-ins dialog box, select Certificates again and click the Add button again.
  6. Select Computer Account and then click Next.
  7. Click Finish.
  8. Click OK.
  9. Expand Certificates (Local Computer) and then expand Trusted Root Certification Authorities. Double-click Certificates.
  10. Locate the signing certificate (ex: azurehol2011_ca). Right-click the certificate name and then click Copy.

    Figure 8

    Certificates explorer

  11. Under Certificates (Local Computer), expand Personal. Right-click Certificates and then click Paste.

    Figure 9

    Certificates context menu

  12. Now the Local Computer Personal store should look as follows:

    Figure 10

    Certificates explorer

Task 3 – Exporting the Certificates

  1. Right-click the signing certificate (Ex: azurehol2011_ca), click All Tasks, and then click Export.

    Figure 11

    Certificates explorer

  2. Click Next.
  3. Select the Yes, export the private key option and then click Next.
  4. Leave the defaults (Personal Information Exchange selected), and then click Next.

    Figure 12

    Certificate Export Wizard

  5. Type and confirm the password for this certificate (ex: pass@word1). Click Next.
  6. Browse to a location on your development machine, keep the same name (ex: azurehol2011_ca.pfx), and save the certificate.

    Figure 13

    Certificate Export Wizard

  7. Click Finish.
  8. Repeat the steps to save the server certificate located at Certificates (Local Computer) > Personal > Certificates > [your hosted service].cloudapp.net to your development machine as azurehol2011_server.pfx. This certificate, along with the signing certificate, will be uploaded to the Azure hosted service instance.
  9. Similarly, repeat the steps to save the client certificate located at Certificates - Current User > Personal > Certificates > Azure HOL Client Certificate to your development machine as azurehol2011_client.pfx. This certificate should be distributed to the clients seeking to consume the Azure hosted WCF service.
  10. When this is done, you should have 3 certificates as follows:

    Figure 14

    Certificate Explorer
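The MMC steps of Task 2 and of Task 3 steps 1 to 10 can also be scripted. The PowerShell below is an added example, not part of the lab: it copies the signing certificate into the Local Computer Personal store, exports the signing, server and client certificates as password-protected PFX files with the lab's file names, and then reopens each file to confirm it holds the expected certificate. It assumes the PKI module cmdlets (Windows 8 / Windows Server 2012 or later); `$HostedService`, `$OutDir` and the `Find-Cert` helper are this example's own placeholders.

```powershell
# Added example (not part of the lab): scripted equivalent of Task 2 and of
# Task 3 steps 1-10. Uses the lab's certificate names; $HostedService and
# $OutDir are placeholders. Requires the PKI module cmdlets.
$HostedService = '[Your Hosted Service]'                    # URL prefix, as in the lab
$OutDir        = 'C:\AzureHOL\certs'                        # assumed output folder
$PfxPassword   = Read-Host -AsSecureString 'PFX password'   # the lab's example is pass@word1
New-Item -ItemType Directory -Force -Path $OutDir | Out-Null

function Find-Cert([string]$StorePath, [string]$Cn) {
    # Newest certificate whose subject starts with the CN
    $c = Get-ChildItem $StorePath |
         Where-Object { $_.Subject -like "CN=$Cn*" } |
         Sort-Object NotAfter -Descending | Select-Object -First 1
    if (-not $c) { throw "No certificate with CN=$Cn in $StorePath" }
    return $c
}

# Task 2 equivalent: add the signing certificate to Local Computer\Personal.
# Adding the object taken from the Root store keeps its link to the private key container.
$ca = Find-Cert 'Cert:\LocalMachine\Root' 'azurehol2011_ca'
$personal = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$personal.Open('ReadWrite')
if (-not ($personal.Certificates | Where-Object { $_.Thumbprint -eq $ca.Thumbprint })) {
    $personal.Add($ca)
}
$personal.Close()

# Task 3 equivalent: export each certificate with its private key (makecert -pe made the keys exportable)
$exports = @(
    @{ File = 'azurehol2011_ca.pfx';     Cert = $ca },
    @{ File = 'azurehol2011_server.pfx'; Cert = Find-Cert 'Cert:\LocalMachine\My' "$HostedService.cloudapp.net" },
    @{ File = 'azurehol2011_client.pfx'; Cert = Find-Cert 'Cert:\CurrentUser\My'  'Azure HOL Client Certificate' }
)
foreach ($e in $exports) {
    if (-not $e.Cert.HasPrivateKey) { throw "$($e.File): certificate has no private key in the store" }
    $path = Join-Path $OutDir $e.File
    Export-PfxCertificate -Cert $e.Cert -FilePath $path -Password $PfxPassword | Out-Null

    # Round-trip check: the file opens with the password and contains the certificate just exported
    $pfx   = Get-PfxData -FilePath $path -Password $PfxPassword
    $found = @($pfx.EndEntityCertificates) + @($pfx.OtherCertificates) |
             Where-Object { $_.Thumbprint -eq $e.Cert.Thumbprint }
    if (-not $found) { throw "$($e.File): exported file does not contain the expected certificate" }
    'Exported {0} ({1})' -f $path, $e.Cert.Subject
}

# Public part of the signing certificate only (no private key): all a relying party needs to trust the chain
Export-Certificate -Cert $ca -FilePath (Join-Path $OutDir 'azurehol2011_ca.cer') -Type CERT | Out-Null
```

Run it from an elevated PowerShell prompt, since writing to the Local Computer Personal store requires administrator rights. Note what each file contains: the two .pfx files uploaded to Azure in the steps that follow carry private keys, which is why the portal asks for the password, and azurehol2011_client.pfx likewise carries the client's private key, so whoever holds it and its password can authenticate as that client; hand it to clients over a protected channel and pass the password separately. A party that only needs to validate certificates issued by the lab CA needs just the exported azurehol2011_ca.cer.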

  11. Log into your Windows Azure Portal (https://windows.azure.com)
  12. Expand the name of the hosted service that you created in Task 1, and then click Certificates.
  13. Click Add Certificate.

    Figure 15

    Windows Azure Platform

  14. Click the Browse button, and locate the Server Certificate (azurehol2011_server.pfx) and upload it. Type the certificate password and click Create.

    Figure 16

    File Browser

  15. Similarly, upload the Signing Authority certificate (azurehol2011_ca.pfx).

    Figure 17

    Certificates Explorer

    The certificates needed for the WCF service are now ready.