Request and Install SSL Cert for Azure

Here is my cheat sheet so I can remember how to install an SSL certificate.

Create the Certificate Request

In Windows 7 from the Administrative Tools menu, start Internet Information Services (IIS) Manager. (Of course IIS needs to be installed on your computer. If it isn’t, open Programs and Features from Control Panel. Select Turn Windows features on or off. Under Web Management Tools, make sure that IIS Management Console is checked.)

In the Internet Information Services (IIS) Manager, double click on Server Certificates. On the right, click Create Certificate Request. Complete the request similar to this screen shot.

Click for full size
Click for full size

Select Microsoft RAS SChannel Cryptographic Provider and 2048 bit length.

Click for full size
Click for full size

On the final page, provide a file name. Make note of the folder where the text file will be created.

Click for full size
Click for full size

Submit the Request

Click for full size
Click for full size

I use NameCheap.com (good prices and good service). After purchasing the SSL, select Activate.

For the web server, select Microsoft Internet Information Server. Open the text file from the Certificate Request. Copy all of the text (including the BEGIN and END markers) and paste it in the “Enter CSR” box. Click Next.

Select the desired approver e-mail. Make sure that you (or someone that you notify) has access to this e-mail account.

For the Contact Info page, enter your e-mail address so that you will receive the certificate.

Approve the Request

When the approver e-mail arrives (which can take a few hours), you will need to click the link in the e-mail. Then on the web page, click the “Approve” button.

Downloading a Geotrust Certificate

The following steps are from https://knowledge.geotrust.com/support/knowledge-base/index?page=content&actp=CROSSLINK&id=SO15183
Access the GeoTrust User portal
Click https://products.geotrust.com/orders/orderinformation/authentication.do
Provide the common name, technical contact e-mail address associated with the SSL order, and the image number generated from the GeoTrust User Authentication page.
Select Request Access against the correct order ID.
An e-mail will be sent to the technical contact e-mail address specified above.
Click on the link listed in the e-mail to enter the User Portal.
Click “View Certificate Information”

Click for full size
Click for full size

Select PKCS7 from the drop down, save the p7s file to your server.
Note: The pkcs7 certificate is a certificate bundle that includes the SSL certificate file and any intermediates that are included in the certificate chain. The x509 certificate is the SSL certificate by itself as a single file.
Rename the mydomain.p7b (or mydomain.p7s) file to mydomain.cer.

Completing the Request in IIS

From the Internet Information Services (IIS) Manager, select Server Certificates. On the right under Actions, click Complete Certificate Request. Select the mydomain.cer file that you downloaded. Enter the Friendly name (this must match the one entered when you created the CSR in the first step). Example: www.mydomain.com

Due to a bug in IIS 6.1, you may receive an error saying that the Friendly name didn’t match. However if you refresh (press F5) in the Server Certificates window, you should see your new certificate.

Export to PFX

In IIS Manager’s Server Certificates, make sure that the new SSL certificate is selected. Under Actions on the right, click Export. Select a file name and make note of its location. Enter a password; write the password down if necessary.

Install the Certificate in Azure

Log into Azure and select your Cloud Service. Go to the Certificates tab. Click on Upload at the bottom of the page. Select your PFX file and enter your password. After a few seconds, the certificate should be appear in the list of certificates.

Point to the New Certificate

In the Azure portal, go to the Configure tab. Scroll down to the Certificates section. Copy the thumbprint retrieved above and paste it over the existing thumbprint. Click Save at the bottom of the page to apply your changes.

The server may or may not restart. If you get an error, you should manually restart the server.

Update the Certificate reference in Visual Studio

Open Visual Studio and open your solution. Expand the Azure project. Expand the Roles folder. Double click on the desired role. Select Certificates on the left. In the right column under Thumbprint, highlight the correct row and click on the ellipse on the right. Select the desired certificate.

For Azure App Service

After the new cert. has been downloaded, unzip the file and rename the p2b file to a .cer extension as outlined above. Then complete the certificate request in IIS and export to a .pfx file (with password). In the Azure portal, go to the SSL Settings page and, under Private Certificates, upload the file.

On the Bindings page, add two new bindings and use the new cert. Remove the old bindings and old cert when done. Reload the web site and verify the new expiration for the cert.

Cleaned Dad’s Downstairs Office

My dad really enjoyed working with computers. His first personal computers included the Radio Shack TRS-80 (late 1970’s) and the Epson HX-20 (early 1980s). He later got a “portable” (AKA a “luggable”) Compaq computer. (We still have these computers.)

Over the years, he accumulated a *lot* of computers, related equipment, software and supplies. He had an office downstairs where he enjoyed working. However a few years ago after his health started to decline, he was no longer able to spend time downstairs. So he moved a computer upstairs. Eventually this downstairs office turned into a cluttered mess.

Last Saturday, I flew back to Moline, Illinois with a goal to help my mom clean up the office downstairs. Although it was almost overwhelming at first, I eventually got it done. As they say “Inch by inch the job’s a cinch.” I went through all of the piles, boxes, notebooks, files, etc. I kept items (like pictures and special memorabilia) that had special value.

A lot of stuff was thrown out. We filled two and a half trash containers…thanks to some neighbors plus the garbage was picked up mid-week. We made a trip to the eWaste site in Davenport. We made another trip to the Habitat for Humanity’s ReStore to donate some building supplies as well as my dad’s wheelchair, walker, etc. And we made three trips to Salvation Army. We completely filled her recycling container with paper and cardboard.

Here is a BEFORE picture that was actually taken after I had started some cleaning.

Downstairs Office Before Cleaning. Click photo to view full size.
Downstairs Office Before Cleaning. Click photo to view full size.

Here are some AFTER pictures.

Downstairs Office After Cleaning. Click photo to view full size.
Downstairs Office After Cleaning. Click photo to view full size.

Downstairs Office with Organized Shelves. Click photo to view full size.
Downstairs Office with Organized Shelves. Click photo to view full size.