Contact us at |support@ssldragon.com
  • Install SSL Certificate on Azure

How to install an SSL Certificate on Microsoft Azure?

Monday, January 14th, 2019

This tutorial will explain to you how to install an SSL Certificate on Microsoft Azure for websites and web applications. You will also learn how to generate a CSR (Certificate Signing Request) for Azure – an essential step you must perform before the actual installation. The later parts of this guide include a small overview of the Azure history and useful tips on where to buy an SSL certificate for Microsoft Azure server.

How to generate a CSR code for Microsoft Azure?
How to install an SSL certificate on Microsoft Azure for a website?
How to install an SSL certificate on Azure for a web app?
Microsoft Azure Server History
Where to buy an SSL Certificate for Microsoft Azure Server?

How to generate a CSR Code for Microsoft Azure?

Unlike other server platforms, Azure doesn’t allow you to generate a CSR directly from its interface. Since it’s a cloud computing service, you can only upload the SSL Certificate from the Azure console.

To create the CSR, you have to use the IIS (Internet Information Services) manager on your local Windows machine. You also need to install your certificate on the IIS server. Finally, you must export it in PFX format from the Windows server, and import it to the Microsoft Azure portal.

It seems a bit overwhelming, doesn’t it? But don’t worry, we’ve already written a comprehensive, step by step guide about the IIS server on another page. All you have to do is follow the steps below:

  1. Check the How to install an SSL Certificate in IIS guide. Make sure you select the right IIS version available on your machine
  2. After you’ve successfully generated the CSR and installed the certificate on IIS server, export your certificate to a PFX file from your IIS server.

How to export an SSL Certificate from IIS?

  1. Open the Microsoft Management Console on your computer. Depending on your Windows version, you can type “mmc” in your Windows search bar, or launch it via Start > Run > Enter “mmc” in the “open” box and click OK
  2. From the top-left corner select File and open Add/Remove Snapin window
  3. In the list of available snap-ins select Certificates and click Add
  4. In the next window, select Computer account and click Next
  5. Now, choose Local Computer (the computer this console is running on) then Finish
  6. Click OK to add the snap-in
  7. Next go back to the console. Locate the Console Root on the left menu and expand the Personal folder
  8. Right-click the certificate you’re exporting then select All Tasks > Export
  9. Click Next on the Certificate Export Wizard window
  10. Select Yes, export the private key and click Next
  11. In the next window, select Personal Information Exchange – PKCS #12 (.PFX). and leave only the middle boxed unchecked. Click Next
    • CHECK – Include all certificates in the certification path if possible
    • DO NOT CHECK – Delete the private key if the export is successful
    • CHECK- Export all extended properties
  12. Now, secure your export file with a password and click Next. Make sure you remember your password, or write it down; you will need it for a later step
  13. In the File to Export Window, select a name for your .pfx file and indicate a save location of your choice. Click Next
  14. Double-check the information and hit the Finish button
  15. Click OK on the confirmation window and prepare to import your .pfx file which stores your certificate details and your private key to your Azure server.

How to install an SSL certificate on Azure for a website?

  1. Log in to the Azure Management Portal
  2. Go to the web sites tab, and under Name, select your website
  3. On your website’s page, click Configure
  4. In the certificates section under SUBJECT, click upload a certificate
  5. A new window will pop up. Here, under File, click BROWSE FOR FILE and select the .pfx certificate file that you’ve exported via the Microsoft Management Console
  6. In the PASSWORD field, enter the password you chose for the .pfx file when you exported it
  7. Click the checkmark to upload the SSL Certificate
  8. Now, go to the CONFIGURE tab, and, under ssl bindings, from the Choose a domain name drop-down list, select the domain name you want to secure
  9. From the next Choose a certificate drop-down list, select the SSL Certificate that you want to add to your Azure website
  10. From the final drop-down list, select the SSL configuration method of your choice:
    • IP Based SSL is the traditional method that associates the SSL Certificate with your domain name by mapping your server’s dedicated IP address to your domain name. If you use this option, each domain name that you associate with your service must have its own dedicated IP address
    • With SNI SSL multiple domain names can share one IP address, and each domain has its own SSL Certificate. While most modern browsers support SNI, it is not available on some older versions
  11. Click Save to finish the SSL installation on your Azure Website.

Note: If you selected the IP SSL configuration method, and you used an A record to configure your custom domain name, a dedicated IP address was assigned to your website. You can locate it on the Dashboard page of your site, in the quick glance section, under VIRTUAL IP ADDRESS. The dedicated IP address is different from the virtual IP address that was used to configure the A record for your domain. To complete your SSL installation, you need to change the A record for your custom domain name to point to the newly assigned dedicated IP address. You can do this step in your domain name registrar dashboard.

How to install an SSL certificate on Azure for a web app?

This tutorial assumes that you already have a cloud service. If you have not yet created a cloud service, read this first.

Before installing the SSL certificate, and using it successfully on your Azure app, you must add an HTTPS endpoint to your app. For that, you have to update the service definition and service configuration files. Follow the steps below to perform the update:

  1. Open the service definition file (CSDEF) from your development environment
  2. Within the WebRole section, create a Certificates section, and add the following details about the certificate and intermediate certificates
    <WebRole name="CertificateTesting" vmsize="Small">...
    <Certificates>
    <Certificate name="SampleCertificate"
    storeLocation="LocalMachine"
    storeName="My"
    permissionLevel="limitedOrElevated" />
    <!—Here you need to add the Intermediate SSL Certificate
    .-->
    <Certificate name="CAForSampleCertificate"
    storeLocation="LocalMachine"
    storeName="CA"
    permissionLevel="limitedOrElevated" />
    </Certificates>
    ...</WebRole>
  3. The Certificates section includes the name and the path of the primary certificate file. Pay attention to the permissionLevel attribute, as it carries two values:
    • limitedOrElevated is the default value where all role processes can access the private key
    • elevated is the value that allows only an elevated process to access the private key
  4. Within the Endpoints section, add an InputEndpoint element to enable the HTTPS:
    <WebRole name="CertificateTesting" vmsize="Small">...<Endpoints><InputEndpoint name="HttpsIn" protocol="https" port="443"certificate="SampleCertificate" /></Endpoints>...</WebRole>
  5. Next, within the Sites section, add a Binding element to create an HTTPS binding to map the endpoint to your site:
    <WebRole name="CertificateTesting" vmsize="Small">...<Sites><Site name="Web"><Bindings><Binding name="HttpsIn" endpointName="HttpsIn" /></Bindings></Site></Sites>...</WebRole>
  6. Save and close the service definition file
  7. Open your service configuration file (CSCFG) and add a Certificates value with that of your certificate
    <Role name="Deployment">...<Certificates><Certificate name="SampleCertificate"thumbprint="9427befa18ec6865a9ebdc79d4c38de50e6316ff"thumbprintAlgorithm="sha1" /><Certificate name="CAForSampleCertificate"thumbprint="79d4c38de50e6316ff9427befa18ec6865a9ebdc"thumbprintAlgorithm="sha1" /></Certificates>...
    </Role>
  8. Save and close the service configuration file. Prepare to upload the certificate to Azure.

Upload your SSL Certificate to Azure

  1. Log in to the Azure Management Portal
  2. Go to the All resources section and select your cloud service
  3. Click Certificates, and then Upload at the top of the certificates section
  4. Locate your SSL Certificate and enter the password you created for the .pfx file. Click Upload.

Connect to your deployment via HTTPS

  1. Click on the website link under the SITE URL
  2. Modify the link to load through https instead of http and run it again
  3. Congratulations, you’ve successfully added an SSL to your Azure app.

Test your SSL installation

After you install an SSL Certificate on Azure, use one of these handy SSL tools to check your SSL installation for potential errors.

Microsoft Azure Server History

Microsoft Azure is a popular cloud computing service with a huge portfolio of cloud services such as networking, storage, databases, web and mobile apps deployment, AI cognitive service, Internet of Things, and developer tools.

Azure started as a Microsoft internal initiative codenamed “Project Red Dog”. It was announced to the general public in 2008, and released on February 1, 2010, as “Windows Azure”.

Since its release, Azure has gone a long way to become the second largest IaaS (infrastructure as service) and PaaS (platform as service) provider in the world, behind only AWS (Amazon Web Services).

On March 25, 2014, Microsoft renamed “Windows Azure” into “Microsoft Azure” to better reflect its wide range of services. Today, Azure supports a variety of frameworks, programming languages, open source software and operating systems including Linux.

Azure is especially popular among large organizations that already use Microsoft products, but it’s quickly gaining in popularity among small businesses and even independent developers.

Where to buy an SSL Certificate for Microsoft Azure Server?

The best place to buy an SSL Certificate for Azure is from SSL Dragon. We offer unbeatable prices, regular discounts and great deals on the entire range of our SSL products. We’ve carefully selected the best SSL brands on the market to provide your website with bulletproof encryption. All our SSL certificates are compatible with Microsoft Azure. Here are the types of SSL certificates we sell:

To help you pick the ideal SSL certificate, we built a couple of exclusive SSL tools. Our SSL Wizard takes care of your searching and recommends the best SSL deal for your online project. On the other hand, the Certificate Filter sorts and compares different SSL certificates by price, validation, and features.

If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.