Control Access to Certificates on a Virtual Machine

Updated: August 23, 2014

Access to certificates containing private keys should be restricted to processes that are fully trusted. Windows Azure VM roles restrict role access by default. Web and worker roles, by default, allow all role processes to access the private key. To restrict access, set the permissionLevel attribute on the Certificate element in your service definition file. The permissionLevel attribute specifies the access permissions given to the role processes. Possible values are limitedOrElevated or elevated. With elevated, only elevated processes can access the private key. With limitedOrElevated, all role processes can access the private key. The default value is limitedOrElevated.

  1. Open the ServiceDefinition.csdef file.

  2. Locate the Certificate element for the certificate, add the permissionLevel attribute, and set its value to elevated.

    <ServiceDefinition name="WindowsAzureProject4" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
      <WorkerRole name="MyWokerRole">
        <!-- . . . -->
        <Certificates>
          <Certificate name="MySSLCert" storeLocation="LocalMachine" storeName="My" permissionLevel="elevated" />
        </Certificates>
      </WorkerRole>
    </ServiceDefinition>

  3. Save the file.
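
A pre-deployment check for the setting described above, as an added example (not Microsoft's code): it parses a service definition and lists every web or worker role certificate whose effective permissionLevel is not elevated, treating a missing attribute as the default limitedOrElevated. The sample definition and its role and certificate names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"sd": "http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition"}
DEFAULT_LEVEL = "limitedOrElevated"  # default value stated on this page

# Constructed sample definition (role and certificate names are made up).
SAMPLE_CSDEF = """\
<ServiceDefinition name="SampleService"
    xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
  <WebRole name="FrontEnd">
    <Certificates>
      <Certificate name="SiteCert" storeLocation="LocalMachine" storeName="My" />
    </Certificates>
  </WebRole>
  <WorkerRole name="Signer">
    <Certificates>
      <Certificate name="SigningCert" storeLocation="LocalMachine" storeName="My"
                   permissionLevel="elevated" />
      <Certificate name="LegacyCert" storeLocation="LocalMachine" storeName="My"
                   permissionLevel="limitedOrElevated" />
    </Certificates>
  </WorkerRole>
</ServiceDefinition>
"""

def audit_certificates(csdef_xml):
    """Return (role, certificate, effective permissionLevel) for every
    certificate whose private key is readable by non-elevated role processes."""
    root = ET.fromstring(csdef_xml)
    findings = []
    for role_tag in ("WebRole", "WorkerRole"):
        for role in root.findall(f"sd:{role_tag}", NS):
            for cert in role.findall("sd:Certificates/sd:Certificate", NS):
                # A missing attribute means the default applies.
                level = cert.get("permissionLevel", DEFAULT_LEVEL)
                if level != "elevated":
                    findings.append((role.get("name"), cert.get("name"), level))
    return findings

if __name__ == "__main__":
    for role, cert, level in audit_certificates(SAMPLE_CSDEF):
        print(f"{role}: certificate {cert} has permissionLevel={level}")
```

Run against the sample, it reports SiteCert (attribute omitted, so the default applies) and LegacyCert (explicitly limitedOrElevated), and passes SigningCert.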

© 2015 Microsoft