Creating and adding SSL certificates for Azure

Generating and assigning an SSL certificate to an Azure website can be a pain if you’re new to the process or only do it a few times a year. This guide goes through the steps of creating an SSL certificate and adding it to an Azure site. It assumes a Windows environment using RapidSSL as the cert provider, but most of the steps are also valid for *nix environments.

Step 1 – Create the CSR
a – Open IIS Manager (inetmgr.exe)
b – Click on your server
c – Select “Server Certificates” under the “IIS” category
d – In “Actions”, select “Create Certificate Request”
e – Fill in the form. The “Common name” should be www.yoursite.com, or *.yoursite.com for a wildcard certificate (i.e. you plan to buy a cert that will work across your subdomains too)
f – Select 2048 for the bit length
g – Save this as c:\site.csr
g – save this as c:\site.csr

Step 2 – Create the certificate
a – Go to your cert provider website (e.g. www.rapidssl.com)
b – Create a standard or wildcard certificate depending on what you chose for the common name in 1e
c – Follow all the steps through the site, email and phone until you finally get the confirmation email containing your certificate
d – Download the intermediate certificates if your provider has them. For RapidSSL they’re at https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=AR1548. Download the “Bundled Intermediate (PEM)” file as c:\intermediate.pem
e – Save the Web Server certificate as: c:\site.cer

Step 4 – Export your private key
a – Go to Start -> Run -> “MMC”
b – File -> “Add/Remove Snap-in”
c – Expand “Certificate Enrollment Requests”
d – Find the certificate you created using its common name from step 1e
e – Right-click -> Export -> “Yes, export the private key” -> “Personal Information Exchange – PKCS #12 (.PFX)”
f – Save as c:\site.key.pfx

Step 5 – Convert your private key to PEM format
a – Download and install OpenSSL for Windows – http://slproweb.com/products/Win32OpenSSL.html (you’ll probably need the VC++ 2008 Redistributables as well)
b – Install it at c:\openssl, and choose the options to keep the binaries in “/bin”
c – When installed, open up CMD.exe and go to c:\, then:
- set OPENSSL_CONF=c:\openssl\bin\openssl.cfg
- openssl\bin\openssl.exe pkcs12 -in site.key.pfx -nocerts -out site.key.pem
- openssl\bin\openssl.exe rsa -in site.key.pem -out site.key

Step 6 – Generate the PFX file
a – Still in the console from step 5c, type:
- openssl\bin\openssl.exe pkcs12 -export -out site.pfx -inkey site.key -in site.cer -certfile intermediate.pem

Step 7 – Install on Azure
a – Open up the website you want to install your cert to on Azure and click on “Configure”
b – Go to Certificates, and upload your site.pfx file
c – Once it’s installed, assign it to your website under the “SSL bindings” section
d – Hit “Save” and visit https://www.yoursite.com to test everything’s working
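
Before the upload in step 7b, the files produced in steps 2 to 6 can be checked from PowerShell. This is an added example, not part of the original guide: Test-SitePfx is a hypothetical helper name, the paths are the ones used above, and it assumes site.cer was saved in PEM (text) form.

```powershell
# Added example: checks on the files from steps 2-6 before uploading to Azure.
# Test-SitePfx is a hypothetical helper name; paths are the ones used in this guide.
$openssl = 'c:\openssl\bin\openssl.exe'
$env:OPENSSL_CONF = 'c:\openssl\bin\openssl.cfg'

function Test-SitePfx {
    param(
        [string]$Cert = 'c:\site.cer',
        [string]$Key  = 'c:\site.key',
        [string]$Pfx  = 'c:\site.pfx',
        [Parameter(Mandatory = $true)][string]$PfxPassword
    )

    # 1. The certificate and the private key must carry the same RSA modulus,
    #    otherwise the certificate was issued for a different key.
    $certMod = (& $openssl x509 -noout -modulus -in $Cert) -join ''
    $keyMod  = (& $openssl rsa  -noout -modulus -in $Key)  -join ''
    $keyMatches = ($certMod -like 'Modulus=*') -and ($certMod -eq $keyMod)

    # 2. The certificate must not already be expired (-checkend 0 exits 1 if it is).
    & $openssl x509 -noout -checkend 0 -in $Cert | Out-Null
    $notExpired = ($LASTEXITCODE -eq 0)

    # 3. The PFX must open with the export password and hold the site
    #    certificate plus at least one intermediate from intermediate.pem.
    $env:PFX_PASS = $PfxPassword   # handed over via env:, not the command line
    try {
        $pem = & $openssl pkcs12 -in $Pfx -nokeys -passin env:PFX_PASS
        $pfxOpens = ($LASTEXITCODE -eq 0)
    } finally {
        Remove-Item Env:\PFX_PASS -ErrorAction SilentlyContinue
    }
    $certCount = @($pem | Where-Object { $_ -eq '-----BEGIN CERTIFICATE-----' }).Count

    [pscustomobject]@{
        KeyMatchesCert = $keyMatches
        CertNotExpired = $notExpired
        PfxOpens       = $pfxOpens
        CertsInPfx     = $certCount
        ChainIncluded  = ($certCount -ge 2)
    }
}

Test-SitePfx -PfxPassword (Read-Host 'PFX export password')
```

The site.key file written by the `openssl rsa` command in step 5c is an unencrypted private key; once site.pfx passes these checks and is uploaded, delete site.key and site.key.pem and store site.key.pfx somewhere access-controlled.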