[How To] Bind existing SSL certificate to AZURE PAAS Web App

Bind Custom SSL Certificate to Azure

Hello there friends. In this post I will explain how to bind an existing custom SSL certificate to your azure web role app.The same tutorial is also applicable for the worker role too.


We need following things
  1. Custom SSL Certificate (for testing you could use self signed certificate)
  2. startup.cmd file (for registering certificate in the server)
  3. Certificate name (that will get from certificate details)
  4. Thumb print (that also will get from certificate details) and
  5. Thumb print algorithm (it is also in certificate details, for example sha1)

Files need to be edited

  • ServiceDefinition.csdef (in azure project)
  • ServiceConfiguration.Cloud.cscfg (in azure project)
  • ServiceConfiguration.Local.cscfg (in azure project)

How to create startup.cmd file

It is very simple, just open notepad in your computer and paste following in the notepad file

certutil -addstore root <your-certificate-name>.crt

.crt, this must be replaced with your certificate name. For example if your SSL certificate name is cloudapp.crt, then it will be like

certutil -addstore root cloudapp.crt

How to bind SSL to azure PAAS web app.
Creating startup.cmd file

How to add SSL certificate and startup.cmd file to your project

You should add your SSL certificate and startup.cmd file in your web project root. To add this right click on your web project and choose Add -> Existing Item and navigate to folder the files contains and add them as Link. Example is shown below

How to add existing item as link in your project visual studio
Add SSL and startup.cmd Files as Link in web project root
Now all are set, just we need to configure the certificate in appropriate places.

Configuring SSL certificate in Azure Project

First take the ServiceDefinition.csdef file and add four of following in your webRole tag.

1) Add HTTPS binding

<Binding name="HttpsIn" endpointName="HttpsIn" />

2) Add Input end point for HTTPS protocol

<InputEndpoint name="HttpsIn" protocol="https" port="443" certificate="<your certificate name>" />

3) Configure the startup.cmd file for execute while deploying the package to azure PAAS. Create a startup task like below

      <Task commandLine="startup.cmd" executionContext="elevated" taskType="simple"></Task>

4) Configure certificate to to store in the installed machine

      <Certificate name="<your-certificate-name>" storeLocation="LocalMachine" storeName="My" permissionLevel="limitedOrElevated" />

After above configurations, webRole tag in your service definition file will look like below

<WebRole name="MyWebRole" vmsize="Small">
      <Site name="Web">
          <Binding name="Endpoint1" endpointName="Endpoint1" /> <!--This is for HTTP binding, if you don't want HTTP binding just remove it-->
          <Binding name="HttpsIn" endpointName="HttpsIn" />
      <InputEndpoint name="Endpoint1" protocol="http" port="80" /> <!--This is for HTTP binding, if you don't want HTTP binding just remove it-->
    <InputEndpoint name="HttpsIn" protocol="https" port="443" certificate="sample.cloudapp.net" />
      <Task commandLine="startup.cmd" executionContext="elevated" taskType="simple"></Task>
      <Certificate name="sample.cloudapp.net" storeLocation="LocalMachine" storeName="My" permissionLevel="limitedOrElevated" />

In the above example Endpoint1 is for HTTP binding. Which means your website will serve both HTTP and HTTPS at the same time. If you want only HTTPS, then remove above mentioned lines. Then site will be available only in HTTPS.

Configuration points to be done in other cscfg files

Now there are two other configuration files are there one is for Local running purposes and other for cloud deploy. Edit both files and add following lines in your web role.

      <Certificate name="<your-certificate-name>"
          thumbprintAlgorithm="<your-encryption-algorithm>" />

Replace your certificate details . So the configuration files will be look like

 <Role name="MyWebRole">
    <Instances count="1" />
      <Certificate name="sample.cloudapp.net"
          thumbprintAlgorithm="sha1" />

You need to update both Local and Cloud configurations otherwise your Azure project will return compilation error.

Note :

If you are already running your website (if that is hosted for testing purpose or something like that, that web sites could have sub URL of cloudapp). In that case if you want to re-direct http to your new https site, then you must include the 80 Endpoint configured in service definition file. And for HTTP to HTTPS re-direction go here.
[How To] Bind existing SSL certificate to AZURE PAAS Web App [How To] Bind existing SSL certificate to AZURE PAAS Web App Reviewed by Tech Doubts on 4:34 AM Rating: 5

No comments:

Powered by Blogger.