Creating .cer and .pfx certificates for Windows Azure (Part 1) – Using IIS Manager

Hi everyone,

There are two types of certificates in Windows Azure (based on X.509 certificate)

1. Windows Azure Management API certificate (.CER),  used when you wanted to deploy application straight onto Windows Azure from application inside your computer whether it is Visual Studio 2010 or Eclipse.
2. Windows Azure Remote Desktop certificate (.PFX), used when you wanted to remote desktop into the instances in your Windows Azure instance.

In this post, I’ll cover how to create the certificates using the IIS Manager. This post is divided into four parts.

• Creating Windows Azure Management API Certificate (.CER)
• Creating Windows Azure Remote Desktop Certificate(.PFX)
• Uploading .CER to Windows Azure Management Portal to enable publishing from external software such as VS2010 and Eclipse
• Uploading .PFX to Windows Azure Management Portal to enable Remote Desktop

Creating Windows Azure Management API Certificate(.CER)

1) Open up IIS Manager

2) In the IIS Manager window, click on Server Certificates

3) Click Create Self-Signed Certificate

4) Give it a friendly name. Let’s say Azure Portal Cert

5) Once you’re done, go to certmgr.msc

6) Under Trusted Root Certification Authorities, try to look for the cert that you have created earlier, you can identify it by the friendly name

7) Right Click on the certificate>All Tasks>Export

8) Click Next and choose No, do not export the private key(*this will let you create .cer cert)

9) Choose DER Encoded Binary X.509 (.cer)

10) Choose the location that you wanted to export the cert into. Click Next and Finish

11) Export is successful, done! Now let’s create .pfx certificates.

Creating Windows Azure Remote Desktop Certificate(.PFX)

.CER and .PFX main difference is .CER doesn’t have any private key associated to it meanwhile .PFX has private key associated to it. In creating .pfx certificate, the difference starts from Step 8 in the Steps above.

1) Choose Yes, export the private key

2) Click next, you can see the default is .PFX cert

3) Insert the password you desired.

4) Choose the location that you wanted to export the cert into. Click Next and Finish

5) Done!

Uploading .CER to Windows Azure Management Portal to enable publishing from external software such as VS2010 and Eclipse

1) Login into Windows Azure Management Portal

2) Under the Management Certificate, click add certificate. Browse to where your .CER certificate is and click OK. Done, you have uploaded the .CER certificate.

Uploading .PFX to Windows Azure Management Portal to enable Remote Desktop

1) Login into Windows Azure Management Portal. I assume you already know how to create hosted service at this point from the previous blogpost.

2) Under your Hosted Service, click on the certificate folder. Then click Add Certificate, browse to your .PFX certificate, click OK and you’re done!

I’m done with Part 1. Part 2 we will see how can we create certificate from command prompt.