Create a self-signed certificate on WinXP

Here is a step-by-step guide on how I created and signed an X.509 certificate on a WinXP machine, where IIS tools like makecert.exe are not available. You can use the certificate to establish an SSL connection to your Windows Azure server and test your web site.

Generate the certificate

  1. Download and install the FileZilla Server.
  2. Start the FileZilla Server Interface. Open the Server Options window by choosing the menu item Edit → Settings.
  3. In the left column, choose the SSL/TLS Settings entry. Click the Generate new certificate button.
  4. Fill in the form, choose a folder to save the file and click the Generate certificate button.

FileZilla creates a file with the extension .crt. You can view it in your browser; it is a plain-text file consisting of two blocks, the private key followed by the certificate:

-----BEGIN RSA PRIVATE KEY-----
(812 characters)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(1012 characters)
-----END CERTIFICATE-----

Convert and upload the certificate

In order to deploy the certificate on a Windows Azure production server, you need an X.509 private communication file. So you have to convert your .crt file to a password-encrypted file of type .pfx. I used an online tool to do that.

  1. Go to the SSL Converter page.
  2. In the Type To Convert To drop-down list, choose PFX/PKCS#12. Provide the path to your .crt file in both text boxes, Certificate File to Convert and Private Key File.
  3. Create a password for the encryption and keep it safe. Click on Convert Certificate.
  4. Go to the Windows Azure management portal.
  5. Select Hosted Services → <your service> → Certificates.
  6. On top of the page, click on the Add Certificate icon.
  7. Upload your certificate, type in your password.
  8. Finished!
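
An added example, not part of the original post: the .crt to .pfx conversion from steps 1 to 3 done locally with the OpenSSL command-line tool, so the private key is not uploaded to a third-party site. It assumes openssl is installed and on the PATH; the function names, file names and the PFX_PASSWORD variable are placeholders chosen for this example.

```python
import base64
import os
import re
import subprocess

# One PEM block: BEGIN label, base64 body, matching END label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.+?)\s*-----END \1-----", re.DOTALL)

# Constructed sample with the layout shown above (tiny dummy bodies, not real keys).
SAMPLE_BUNDLE = """-----BEGIN RSA PRIVATE KEY-----
MAMCAQA=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MAMCAQA=
-----END CERTIFICATE-----
"""


def check_bundle(text):
    """Validate a combined key+certificate file; return its block labels."""
    labels = []
    for label, body in PEM_BLOCK.findall(text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError as exc:  # e.g. an encrypted key with PEM headers
            raise ValueError(f"{label}: body is not plain base64 ({exc})")
        if not der.startswith(b"\x30"):  # key and cert are both DER SEQUENCEs
            raise ValueError(f"{label}: not DER-encoded")
        labels.append(label)
    if labels != ["RSA PRIVATE KEY", "CERTIFICATE"]:
        raise ValueError(f"unexpected blocks: {labels}")
    return labels


def pfx_command(bundle_path, pfx_path, pass_env="PFX_PASSWORD"):
    """openssl argv; without -inkey the key is read from the -in file too."""
    return ["openssl", "pkcs12", "-export", "-in", bundle_path,
            "-out", pfx_path, "-passout", "env:" + pass_env]


def convert(bundle_path, pfx_path, password):
    """Check the FileZilla output, then write the password-protected .pfx."""
    with open(bundle_path, encoding="ascii") as fh:
        check_bundle(fh.read())
    env = dict(os.environ, PFX_PASSWORD=password)  # not visible in the argv
    subprocess.run(pfx_command(bundle_path, pfx_path), env=env, check=True)
```

Calling `convert("server.crt", "server.pfx", password)` produces the file to upload in step 7.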

Because the certificate is self-signed, your browser does not trust it and displays a warning on connecting to your server. Nevertheless, the SSL connection is set up.

Contact me if you have questions or comments.


2 thoughts on “Create a self-signed certificate on WinXP”

  1. I am trying to install an app which requires an X.509 Certificate. This web based app is going to communicate with another web based app. Both apps sit on the same laptop which runs WinXP.
    I followed your instructions to generate a self-signed SSL certificate using FileZilla. Because both apps run from the same laptop and I take my laptop to other places such as the library and school daily, I cannot key in my home (external) IP for “Common Name”, as I want these 2 apps to be able to talk to each other outside my home too. Should I type in 127.0.0.1 for the “Common Name” entry?
    I am hoping these apps can talk to each other even if I am in places where internet access is not available.

    Also, the web app that I want to test-run needs to communicate through a port number. So to access this web app, the URL is something like this: “http://127.0.0.1:9000/AppName/login”
    Should the “Common Name” be “127.0.0.1:9000” or is “127.0.0.1” good enough?

    Also, once I can generate a certificate, does it mean that in order to use this certificate, I have to use this URL instead: “https://127.0.0.1:9000/AppName/login”?

    Thanks in advance
    John

  2. Hello John,

    If you are on a local server, you can use https://127.0.0.1/ or https://localhost/ as the common name. Do not include the port number; you will want the certificate to be valid for all ports and requests.

    Make sure that your server software is capable of handling SSL requests, and your browser trusts your certificate.

    Hope that helps!

    Best regards,
    Stephan
