I run a web app here at mysimpleads.com, as you may have noticed. I needed SSL set up for two of my domains. There are quite a few guides on setting up SSL on Azure Cloud Services; the problem is that some leave this bit or that bit not fully explained. Also, with the quick releases of Azure, they get outdated. I can say this guide is current as of the moment. I did a lot of this from memory, so if any part isn’t clear, let me know and I’ll try to rattle my neurons to get it figured out. This guide is for the Cloud Services portion; I haven’t had the chance to play with Azure Websites due to their more expensive SSL costs.
Order an SSL
Having an SSL provider to begin with is always a good start. There are of course a multitude of brands, types, and places to order them. For right now I will say one thing to keep in mind is if you are planning on running a site with multiple subdomains, like sub1.mysimpleads.com and sub2.mysimpleads.com, you will probably want to buy a wildcard SSL certificate. This will let you use a single cert for multiple sites, as long as they are all under the same domain. I’m using a wildcard cert while hosting my multiple subdomains on a single web role.
Create a Certificate Signing Request (CSR)
- Remote terminal into your cloud service via Visual Studio
- Open up the IIS MMC
- Double-click on the Server Certificates icon in the control list
- On the right-side, select Create Certificate Request
- In the Request Certificate window that appears enter the details for your certificate. You can bing/google about what the different fields mean. Keep in mind if you are doing a wildcard certificate, you need to enter *.sitename.com in the Common Name field. Here’s one such article on the field details… https://support.globalsign.com/customer/portal/articles/1229769
- Click Next and in the next section, make sure to select a Bit-length of at least 2048.
- Click Next again and finish the CSR.
Get the completed cert from your SSL provider
You will now take the text from the CSR, which starts with and ends with this…
-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----
…to the place you purchased your SSL. You will paste that or import that into their system. They will then generate the ‘.cer’ certificate file you will use to generate the ‘.pfx’ that gets imported into Azure.
- Once you have the certificate from your provider, go back into IIS MMC.
- Click Complete Certificate Request.
- Click OK to complete it. Then export that certificate to the ‘.pfx’ file. You will need to provide a password, so don’t forget it, as you will need it to import into Azure.
- Your SSL provider will probably have an ‘intermediate certificate’. This is a generic certificate that gets ‘chained’ with your certificate. You need to simply download it from their site and save it as a ‘.cer’ file. It will start with and end with…
Import into Azure Web Portal
- Import your .pfx and any intermediate .cer into Azure Web Portal. Select your cloud service, and then the Certificates tab and Upload command on the bottom. You will upload each .pfx/.cer file separately. If you have an intermediate certificate you will upload two files then, one .cer and one .pfx.
- In the Certificates screen you will see your certs now listed. You need to copy the text from the Thumbprints column for each cert to copy into your configuration file.
Insert the settings into your Azure project’s configuration file
- In Visual Studio, open up your Role configuration and go to the Certificates tab.
- Click Add Certificate and create Certificate entries for all your thumbprints. You can name them whatever. For the Intermediate certificate select the CA Store Name, and for your personal one select the My Store Name. Store Location will be LocalMachine for both.
- Now that you have an SSL certificate, enable an HTTPS endpoint.
- In your ServiceDefinition.csdef file add the endpoint binding to your site(s).
- You’re all set. Optionally, if you are running ASP.NET MVC and created a Base Controller, you can decorate it with [RequireHttps] to require HTTPS connections for all the controllers that inherit from it.
- Finally, publish to Azure.
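The certificate entries, HTTPS endpoint and site binding from the steps above end up in ServiceDefinition.csdef and ServiceConfiguration.cscfg. The following is an added example, not code from the original post: a Python check run over constructed sample files before publishing, which flags an HTTPS endpoint without a My-store certificate, a binding to an unknown endpoint, and a thumbprint that is not exactly 40 hex characters. The names AdsService, WebRole1, HttpsIn, SiteCert and IntermediateCA, and both thumbprints, are placeholders.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://schemas.microsoft.com/ServiceHosting/2008/10/Service%s}"
D, C = NS % "Definition", NS % "Configuration"

# Constructed sample files: every name and thumbprint below is a placeholder.
CSDEF = """<ServiceDefinition name="AdsService" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
  <WebRole name="WebRole1">
    <Sites><Site name="Web"><Bindings>
      <Binding name="HttpsIn" endpointName="HttpsIn" />
    </Bindings></Site></Sites>
    <Endpoints>
      <InputEndpoint name="HttpsIn" protocol="https" port="443" certificate="SiteCert" />
    </Endpoints>
    <Certificates>
      <Certificate name="SiteCert" storeLocation="LocalMachine" storeName="My" />
      <Certificate name="IntermediateCA" storeLocation="LocalMachine" storeName="CA" />
    </Certificates>
  </WebRole>
</ServiceDefinition>"""

CSCFG = """<ServiceConfiguration serviceName="AdsService" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration">
  <Role name="WebRole1">
    <Instances count="1" />
    <Certificates>
      <Certificate name="SiteCert" thumbprint="0123456789ABCDEF0123456789ABCDEF01234567" thumbprintAlgorithm="sha1" />
      <Certificate name="IntermediateCA" thumbprint="89ABCDEF0123456789ABCDEF0123456789ABCDEF" thumbprintAlgorithm="sha1" />
    </Certificates>
  </Role>
</ServiceConfiguration>"""

def check_ssl_config(csdef, cscfg):
    """Return a list of problems linking endpoints, certificates and thumbprints."""
    role = ET.fromstring(csdef).find(D + "WebRole")
    stores = {c.get("name"): c.get("storeName") for c in role.iter(D + "Certificate")}
    thumbs = {c.get("name"): c.get("thumbprint", "") for c in ET.fromstring(cscfg).iter(C + "Certificate")}
    endpoints = {e.get("name"): e for e in role.iter(D + "InputEndpoint")}
    problems = []
    for name, ep in endpoints.items():  # HTTPS endpoint -> site certificate in My
        if ep.get("protocol") == "https" and stores.get(ep.get("certificate")) != "My":
            problems.append(f"endpoint {name}: HTTPS needs a certificate declared in the My store")
    for b in role.iter(D + "Binding"):  # site binding -> declared endpoint
        if b.get("endpointName") not in endpoints:
            problems.append(f"binding {b.get('name')}: unknown endpoint {b.get('endpointName')}")
    for name in stores:  # every declared certificate needs a clean thumbprint
        if not re.fullmatch(r"[0-9A-Fa-f]{40}", thumbs.get(name, "")):
            problems.append(f"certificate {name}: missing or malformed SHA-1 thumbprint")
    return problems
```

The thumbprint check is strict on purpose: a value that picked up a space or an invisible character during copy and paste is reported instead of silently failing to match the uploaded certificate.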
You should now be able to access your site with https, like https://use.mysimpelads.com/account/register. If you have any trouble, leave a comment or catch me on Twitter (@clippersoft) and I’ll do my best to help.