I still don’t understand various concepts behind certificates like SSL certificate, code signing certificate etc. I only know that they must be used for security & privacy. Each time I have to renew the certificate on our Notezilla.Net server that is used by our sticky notes app Notezilla, I forget how I did it last time as there are many steps involved.
Last time I used GoDaddy’s SSL certificate. This time I went for PositiveSSL SSL certificate from NameCheap.com as this was the cheapest I found (very cheap compared to GoDaddy).
I looked over the Internet to find how to install a PositiveSSL certificate on Windows Azure (IIS) & configure my ASP.Net MVC project for HTTPS. I found the information scattered over different websites and spent a lot of hours setting it right. Basically, I have unified all the steps in this single post.
Buy a PositiveSSL SSL certificate from NameCheap.com. This certificate only requires your domain to be verified.
Once you purchase the certificate, you will need to activate it from your NameCheap account settings. Activation requires you to generate a CSR from IIS. You can do it from any Windows machine which has IIS installed. You can learn how to generate a CSR (certificate signing request) on IIS.
The CSR is saved into a text file. Copy this text and give it to NameCheap when activating the certificate. The private key that matches the CSR stays on the machine that generated it. NameCheap will now check that you are the owner of the domain for which you are requesting the certificate. Once you complete the verification, Comodo will send you the .cer file (certificate) as an email attachment.
Now ensure that the root & intermediate certificates are installed on the system where you generated the CSR. To install these, refer to this page. You would need to download these certificates from either this link or this link.
Typically, there is one root & 2 intermediate certificates. Pick the latest from the above link.
After you have installed the root & intermediate certificates as in the previous step, install the .cer file for your domain that Comodo sent to you. To do this, follow the Complete Certificate Request link in IIS. You don’t have to follow the binding steps given in the latter link if this is not your final server system.
When doing the above, you may encounter an error “Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created”. To resolve this, look here.
In order to upload all the root & intermediate certificates to Windows Azure, you will need to first export those certificates from IIS (where you imported them) to .cer files because this is what Windows Azure wants. Do this from the Certificates Management Console on your IIS machine.
Now export your domain certificate into a .pfx file. Go to Personal->Certificates in the Certificates Management Console to export. The .pfx includes the certificate’s private key, so protect it with a strong password.
At this point, we have 2 to 3 .cer files and a .pfx file. Go to your Windows Azure portal, select the cloud service, click on the ‘Certificates’ tab and upload all the exported certificates. Note, in one of the Firefox versions I was not able to upload the files to Windows Azure. I then used Internet Explorer to upload the files.
Now configure your ASP.Net Cloud Service project to use these certificates. Right click on the Web role in your cloud service project and choose ‘Properties’. Under ‘Properties’, click on the Certificates option. Add your certificate information. Look at the first 3 rows below. Ignore the last row.
Once you do this, configure an endpoint for HTTPS. Right click on the Web role in your cloud service project and choose ‘Properties’. Under ‘Properties’, click on the Endpoints option. See below.
Build your package & deploy it on Windows Azure. It should work. You may also want to redirect all HTTP requests to HTTPS. I have done this for Notezilla.Net.
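The Certificates and Endpoints settings described above are stored in the cloud service project's ServiceDefinition.csdef and ServiceConfiguration.cscfg files. The following is an added example of what those two files contain for one domain certificate and two intermediates; it is not taken from the Notezilla.Net project, and the service, role and certificate names and the thumbprint values are hypothetical placeholders.

```xml
<!-- ServiceDefinition.csdef (added example; service, role and certificate names are hypothetical) -->
<ServiceDefinition name="MyCloudService"
    xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
  <WebRole name="MyWebRole" vmsize="Small">
    <Sites>
      <Site name="Web">
        <Bindings>
          <Binding name="HttpIn" endpointName="HttpIn" />
          <Binding name="HttpsIn" endpointName="HttpsIn" />
        </Bindings>
      </Site>
    </Sites>
    <Endpoints>
      <InputEndpoint name="HttpIn" protocol="http" port="80" />
      <!-- certificate= must match the name of a Certificate declared below -->
      <InputEndpoint name="HttpsIn" protocol="https" port="443" certificate="DomainCert" />
    </Endpoints>
    <Certificates>
      <!-- Domain certificate (uploaded as .pfx) is placed in the Personal store -->
      <Certificate name="DomainCert" storeLocation="LocalMachine" storeName="My" />
      <!-- Intermediate certificates (uploaded as .cer) are placed in the CA store -->
      <Certificate name="Intermediate1" storeLocation="LocalMachine" storeName="CA" />
      <Certificate name="Intermediate2" storeLocation="LocalMachine" storeName="CA" />
    </Certificates>
  </WebRole>
</ServiceDefinition>

<!-- ServiceConfiguration.cscfg (thumbprint values are placeholders, not real thumbprints) -->
<ServiceConfiguration serviceName="MyCloudService"
    xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration">
  <Role name="MyWebRole">
    <Instances count="1" />
    <Certificates>
      <Certificate name="DomainCert" thumbprint="DOMAIN_CERT_THUMBPRINT" thumbprintAlgorithm="sha1" />
      <Certificate name="Intermediate1" thumbprint="INTERMEDIATE1_THUMBPRINT" thumbprintAlgorithm="sha1" />
      <Certificate name="Intermediate2" thumbprint="INTERMEDIATE2_THUMBPRINT" thumbprintAlgorithm="sha1" />
    </Certificates>
  </Role>
</ServiceConfiguration>
```

Each thumbprint has to match a certificate already uploaded under the cloud service's ‘Certificates’ tab, and each name in the .cscfg has to match a name declared in the .csdef.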