Request and Install SSL Cert for Azure

Here is my cheat sheet so I can remember how to install an SSL certificate.

Create the Certificate Request

In Windows 7 from the Administrative Tools menu, start Internet Information Services (IIS) Manager. (Of course IIS needs to be installed on your computer. If it isn’t, open Programs and Features from Control Panel. Select Turn Windows features on or off. Under Web Management Tools, make sure that IIS Management Console is checked.)

In the Internet Information Services (IIS) Manager, double click on Server Certificates. On the right, click Create Certificate Request. Complete the request similar to this screen shot.

Click for full size
Click for full size

Select Microsoft RAS SChannel Cryptographic Provider and 2048 bit length.

Click for full size
Click for full size

On the final page, provide a file name. Make note of the folder where the text file will be created.

Click for full size
Click for full size

Submit the Request

Click for full size
Click for full size

I use (good prices and good service). After purchasing the SSL, select Activate.

For the web server, select Microsoft Internet Information Server. Open the text file from the Certificate Request. Copy all of the text (including the BEGIN and END markers) and paste it in the “Enter CSR” box. Click Next.

Select the desired approver e-mail. Make sure that you (or someone that you notify) has access to this e-mail account.

For the Contact Info page, enter your e-mail address so that you will receive the certificate.

Approve the Request

When the approver e-mail arrives (which can take a few hours), you will need to click the link in the e-mail. Then on the web page, click the “Approve” button.

Downloading a Geotrust Certificate

The following steps are from
Access the GeoTrust User portal
Provide the common name, technical contact e-mail address associated with the SSL order, and the image number generated from the GeoTrust User Authentication page.
Select Request Access against the correct order ID.
An e-mail will be sent to the technical contact e-mail address specified above.
Click on the link listed in the e-mail to enter the User Portal.
Click “View Certificate Information”

Click for full size
Click for full size

Select PKCS7 from the drop down, save the p7s file to your server.
Note: The pkcs7 certificate is a certificate bundle that includes the SSL certificate file and any intermediates that are included in the certificate chain. The x509 certificate is the SSL certificate by itself as a single file.
Rename the mydomain.p7b (or mydomain.p7s) file to mydomain.cer.

Completing the Request in IIS

From the Internet Information Services (IIS) Manager, select Server Certificates. On the right under Actions, click Complete Certificate Request. Select the mydomain.cer file that you downloaded. Enter the Friendly name (this must match the one entered when you created the CSR in the first step). Example:

Due to a bug in IIS 6.1, you may receive an error saying that the Friendly name didn’t match. However if you refresh (press F5) in the Server Certificates window, you should see your new certificate.

Export to PFX

In IIS Manager’s Server Certificates, make sure that the new SSL certificate is selected. Under Actions on the right, click Export. Select a file name and make note of its location. Enter a password; write the password down if necessary.

Install the Certificate in Azure

Log into Azure and select your Cloud Service. Go to the Certificates tab. Click on Upload at the bottom of the page. Select your PFX file and enter your password. After a few seconds, the certificate should be appear in the list of certificates.

Point to the New Certificate

In the Azure portal, go to the Configure tab. Scroll down to the Certificates section. Copy the thumbprint retrieved above and paste it over the existing thumbprint. Click Save at the bottom of the page to apply your changes.

The server may or may not restart. If you get an error, you should manually restart the server.

Update the Certificate reference in Visual Studio

Open Visual Studio and open your solution. Expand the Azure project. Expand the Roles folder. Double click on the desired role. Select Certificates on the left. In the right column under Thumbprint, highlight the correct row and click on the ellipse on the right. Select the desired certificate.

For Azure App Service

After the new cert. has been downloaded, unzip the file and rename the p2b file to a .cer extension as outlined above. Then complete the certificate request in IIS and export to a .pfx file (with password). In the Azure portal, go to the SSL Settings page and, under Private Certificates, upload the file.

On the Bindings page, add two new bindings and use the new cert. Remove the old bindings and old cert when done. Reload the web site and verify the new expiration for the cert.

XBox trials

Today a fellow software developer told us that he woke up at 6 AM this morning to find his four-year-old son trying to play his brand-new game on the XBox. However the XBox wasn’t working. After fiddling with the console for a while, the dad decided to disconnect and then reconnect all of the cables. Then came the surprise…but first a little background to the story.

Last night, his son had received a new video game and was playing it. At the time, the game was having some problems; the dad told his son that sometimes the XBox gets too hot and needs to cool off.

So when the dad picked up the XBox to check the connections, out poured water! His son had tried to cool off the console with water. When he realized his mistake, he ran to his room. his dad found him crying in his closet. Poor guy!