Here is a step by step guide on how I created and signed a X.509 certificate on a WinXP machine, where IIS tools like makecert.exe are not available. You can use the certificate to establish a SSL connection to your Windows Azure server and test your web site.
Generate the certificate
- Download and install the FileZilla Server.
- Start the FileZilla Server Interface. Open the Server Options window by choosing the menu point Edit → Settings.
- In the left column, choose SSL/TLS Settings entry. Click on the button Generate new certificate.
- Fill in the form, choose a folder to save the file and click on the button Generate certificate.
FileZilla creates a file with extension .crt. You can view it in your browser, it is a plain text file consisting of two character sequences:
-----BEGIN RSA PRIVATE KEY----- (812 characters) -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- (1012 characters) -----END CERTIFICATE-----
Convert and upload the certificate
In order to deploy the certificate on a Windows Azure production server, you need a X.509 private communication file. So you have to convert your .crt file to a password encrypted file of type .pfx. I used an online tool to do that.
- Go to the SSL Converter page.
- In the Type To Convert To scrollbar, choose PFX/PKCS#12. Provide the path to your .crt file in the textboxes Certificate File to Convert and Private Key File.
- Create a password for the encryption and keep it safe. Click on Convert Certificate.
- Go to the Windows Azure management portal.
- Select Hosted Services → <your service> → Certificates, see screenshot.
- On top of the page, click on the Add Certificate icon.
- Upload your certificate, type in your password.
Because the certificate is self-signed, your browser does not trust it and displays a warning on connecting to your server. Nevertheless, the SSL connection is set up.
Contact me if you have questions or comments.