Creating an Encryption Certificate

Retired Content

This content and the technology described is outdated and is no longer being maintained. For more information, see Transient Fault Handling.

To encrypt the rules store, the service information store, or the autoscaling configuration settings you must use a self-signed certificate in .pfx format. The following procedure shows you how you must generate the certificate and load it into the local machine's personal certificate store.

Creating a self-signed certificate in .pfx format

  1. Run the following commands from a Visual Studio command prompt to create a self-signed certificate in .pfx format.
    makecert -r -pe -n "CN=azureconfig" -sky exchange "azureconfig.cer" -sv "azureconfig.pvk"
    You must create a certificate with a subject key type of exchange, not signature.

  2. You will be prompted for a password to secure the private key three times. Enter a password of your choice.
  3. Then enter the following command to create the .pfx file. After the -pi switch, enter the password you chose.
    pvk2pfx -pvk "azureconfig.pvk" -spc "azureconfig.cer" -pfx "azureconfig.pfx" -pi password-entered-in-previous-step
  4. You can verify that the certificate has been created by using the Visual Studio command prompt to list the contents of the current folder. If the commands succeeded, you will see three files: azureconfig.cer, azureconfig.pfx, and azureconfig.pvk.
  5. Import the created certificate in .pfx format to the Local Machine store in the My store name on your machine. To get to the management console and import the certificate:
    1. Click Start, type mmc in the Search programs and files box, and then press Enter.
    2. On the File menu, click Add/Remove Snap-in.
    3. Under Available snap-ins, double-click Certificates.
    4. Select Computer account, and then click Next.
    5. Click Local computer, then click Finish, and then click OK.
    6. Expand the Certificates node, right click the Personal folder. Point to All Tasks, then click Import.
    7. On the first page of the Certificate Import Wizard, click Next.
    8. On the File to Import page click Browse. In the File Open dialog, change the filter to Personal Information Exchange. Locate and select the .pfx file that you created in step 3, and then click Open to import the certificate. Then click Next.
    9. On the Password page of the wizard, enter the password chosen in step 2. Then click Next.
    10. On the Certificate Store page of the wizard. Place the certificate in the Personal store. Click Next, and then click Finish.

If you are encrypting the configuration file you will need the thumbprint of the certificate.

Obtaining the thumbprint of the certificate

  1. In the Certificates snap-in in the management console, expand Certificates, then Personal, then Certificates.
  2. If you followed the previous procedure, your certificate will be called azureconfig. Double click your certificate.
  3. Click the Details tab in the Certificate dialog. Scroll down the list of fields to locate the Thumbprint field. You can copy the thumbprint to the clipboard or to a file.

Last built: June 7, 2012