Steps to Install SSL on Microsoft Azure
The following steps must be completed before you start the SSL certificate installation on Microsoft Azure.
- Buy/renew SSL Certificate
- Generate CSR with SHA-2 algorithm
- Save the CSR & Private key file on your server
- Apply for SSL Certificate Issuance
- Submit SSL Certificate issuance documents as per CA’s requirement (Only for Extended & Organization Validation)
Step 1: Download SSL Certificate Files
Once you send the documents to the CA (Certificate Authority), it will verify them and accept them if all documents are correct. After that, the CA will send you the SSL certificate via email. Download the SSL certificate file and store it on your web server.
Step 2: Update the service definition and configuration files
To use SSL successfully, your Azure app must have an HTTPS endpoint, and to add it you need to update your service definition and configuration files.
- Open the Service Definition file (CSDEF) from the Development Environment.
- Here, you need to add a new Certificates section under the WebRole section. Add the following information to do so.
  <WebRole name="CertificateTesting" vmsize="Small">
    ...
    <Certificates>
      <Certificate name="SampleCertificate"
                   storeLocation="LocalMachine"
                   storeName="GeoTrust"
                   permissionLevel="limitedOrElevated" />
      <!-- Instruction - Here you also need to add the Intermediate SSL Certificate. -->
      <Certificate name="CAForSampleCertificate"
                   storeLocation="LocalMachine"
                   storeName="GeoTrust"
                   permissionLevel="limitedOrElevated" />
    </Certificates>
    ...
  </WebRole>
Here, the permissionLevel attribute takes one of two values, limitedOrElevated or elevated, so select it carefully.
- limitedOrElevated = The private key is accessible to all processes.
- elevated = The private key is accessible to elevated processes only.
Here, the certificate section displays the name and the path of the primary certificate file.
- Add the InputEndpoint section within the Endpoints section using the following code.
  <WebRole name="CertificateTesting" vmsize="Small">
    ...
    <Endpoints>
      <InputEndpoint name="HttpsIn" protocol="https" port="443"
                     certificate="SampleCertificate" />
    </Endpoints>
    ...
  </WebRole>
- Now add a new Binding section within the Sites section. This adds the HTTPS binding, which maps the endpoint to your site.
  <WebRole name="CertificateTesting" vmsize="Small">
    ...
    <Sites>
      <Site name="Web">
        <Bindings>
          <Binding name="HttpsIn" endpointName="HttpsIn" />
        </Bindings>
      </Site>
    </Sites>
    ...
  </WebRole>
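- Add the Certificates section under the Role section of the service configuration file using the following code.
  <Role name="Deployment">
    ...
    <Certificates>
      <!-- The thumbprint is 40 hex characters, i.e. the SHA-1 hash of the certificate,
           so thumbprintAlgorithm is sha1 even for a certificate signed with SHA-2. -->
      <Certificate name="SampleCertificate"
                   thumbprint="9427befa18ec6865a9ebdc79d4c38de50e6316ff"
                   thumbprintAlgorithm="sha1" />
    </Certificates>
    ...
  </Role>
Here you need to replace the thumbprint value with the thumbprint of your own SSL certificate.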
- Save the Service configuration file.
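The thumbprint entered in the Role section above is the SHA-1 hash of the certificate's DER bytes. The following is an added example, not part of the original guide: it computes that value from a PEM certificate file and checks the Certificate entries of a service configuration file for mismatches and for stray characters copied in with the thumbprint. The function names and the sample input are assumptions made for this example, and the sample bytes are placeholders, not a real certificate.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET


def thumbprint_from_pem(pem_text):
    """Thumbprint = SHA-1 over the certificate's DER bytes, as upper-case hex."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem_text, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(m.group(1).split()))
    return hashlib.sha1(der).hexdigest().upper()


def check_cscfg(cscfg_text, expected):
    """Return a list of problems for <Certificate> entries; `expected` maps a
    certificate name to the thumbprint computed from its file."""
    problems = []
    for el in ET.fromstring(cscfg_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "Certificate":  # ignore any XML namespace
            continue
        name, raw = el.get("name"), el.get("thumbprint", "")
        hex_only = re.sub(r"[^0-9A-Fa-f]", "", raw).upper()
        if raw.upper() != hex_only:
            problems.append(f"{name}: thumbprint contains spaces or invisible characters")
        if len(hex_only) != 40:
            problems.append(f"{name}: thumbprint is not 40 hex characters")
        elif name in expected and hex_only != expected[name]:
            problems.append(f"{name}: thumbprint does not match the certificate file")
    return problems


# Constructed sample input: placeholder bytes, not a real certificate.
SAMPLE_DER = b"constructed placeholder bytes standing in for a DER certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")
GOOD = thumbprint_from_pem(SAMPLE_PEM)
# U+200E is an invisible mark that can be copied along from the Windows certificate dialog.
SAMPLE_CSCFG = f"""<ServiceConfiguration><Role name="Deployment"><Certificates>
  <Certificate name="SampleCertificate" thumbprint="\u200e{GOOD}" thumbprintAlgorithm="sha1" />
</Certificates></Role></ServiceConfiguration>"""

if __name__ == "__main__":
    print("thumbprint:", GOOD)
    for problem in check_cscfg(SAMPLE_CSCFG, {"SampleCertificate": GOOD}):
        print("problem:", problem)
```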
Step 3: Uploading Deployment Package & Certificate
- Log in to your Microsoft Azure account.
- Click on New > Cloud Service > Custom Create, one by one.
- The Create a Cloud Service dialog will appear. Here you need to add the URL, region and subscription. Don’t forget to check Deploy a cloud service package now.
- Click on the Next button.
- In the Publish your cloud service dialog, add the required details for the cloud service. For the environment, select Production, and make sure Add certificates now is checked.
- For a single-instance role, check “Deploy even if one or more roles contain a single instance”.
- Click on the Next button.
- The Add Certificate dialog will appear. Browse for your SSL certificate file, enter the appropriate password, and then click on Attach certificate.
- Your SSL certificate file will appear under the ATTACHED CERTIFICATES tab.
- To create the cloud service, click on the Complete button. Once the deployment reaches the Ready status, you can proceed to the next step.
Step 4: Role instance connection using HTTPS
Now that your deployment has reached the Ready status, you can connect to it over HTTPS.
- In your Azure Management Portal, select your deployment and then click on the website link under SITE URL.
- If the website link does not start with https://, change it to HTTPS and load it again.