Azure Web App: Use IIS to Generate a SSL Certificate

We have a need to set up SSL certificates for a number of the WordPress sites we have set up as an Azure Web App.

The simplest way to do this, at least for us, is to use the certificate signing request (CSR) mechanism built into IIS, as we just happen to have a number of IIS servers about. 😉

To do so:

  1. Open the IIS console
  2. Navigate to ServerName (Domain\Domain.Admin)
  3. Double click the Server Certificates shortcut in the IIS section
  4. Create Certificate Request
  5. Fill out the form
    • NOTE: The Common name field should be the URL used for the site
  6. Set the Bit length to 2048
  7. Specify a name and folder for the CSR file
    • A plain text file is okay since we will be pasting the contents of the .TXT file into the Certificate Authority’s console
  8. Open File Explorer, navigate to the .TXT file, double click to open, and COPY the contents
  9. Paste into the Certificate Authority’s CSR
  10. Depending on the Certificate Authority and type of certificate, there will be some sort of ownership validation
  11. Once the process completes, we paste the new certificate into the still-open Notepad window and Save As
  12. In the IIS console, click Complete certificate request
  13. Point to the TXT file
  14. Once it's complete, click on Start, type Certificates, and click on Manage computer certificates
  15. Navigate to the Personal -> Certificates folder
    • Right click on the certificate and Export
  16. Select Yes to export the Private Key
  17. Options to set
  18. Set a password
  19. Select a location and name for the file, making sure the extension is .pfx
  20. The exported file should have a key symbol on it indicating the Private Key is there
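
A scripted equivalent of steps 4 to 20, as an added example that is not part of the original post: it uses certreq.exe and Export-PfxCertificate in place of the IIS and certificate manager dialogs. The function names, working folder and host name are assumptions, and it must be run from an elevated PowerShell session.

```powershell
# Added example. Run elevated; host name and paths are placeholders.
function New-SiteCsr {
    param([Parameter(Mandatory)][string]$HostName,
          [string]$WorkDir = 'C:\Temp\csr')            # assumed working folder
    New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
    $inf = Join-Path $WorkDir "$HostName.inf"
    $csr = Join-Path $WorkDir "$HostName.csr.txt"
    if (Test-Path $csr) { throw "$csr already exists; refusing to overwrite." }
    # Same choices as the form: CN = site host name, 2048-bit key.
    # Exportable = TRUE is what lets the private key be exported to .pfx later.
    @"
[Version]
Signature = "`$Windows NT`$"
[NewRequest]
Subject = "CN=$HostName"
KeyLength = 2048
KeySpec = 1
Exportable = TRUE
MachineKeySet = TRUE
RequestType = PKCS10
HashAlgorithm = sha256
"@ | Set-Content -Path $inf -Encoding ASCII
    certreq.exe -new $inf $csr
    if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }
    $csr                                               # paste this file's contents at the CA
}

function Export-SitePfx {
    param([Parameter(Mandatory)][string]$HostName,
          [Parameter(Mandatory)][string]$CerPath,      # certificate returned by the CA
          [Parameter(Mandatory)][string]$PfxPath,
          [Parameter(Mandatory)][securestring]$Password)
    certreq.exe -accept -machine $CerPath              # pairs the cert with the pending key
    if ($LASTEXITCODE -ne 0) { throw "certreq -accept failed with exit code $LASTEXITCODE" }
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.HasPrivateKey -and $_.GetNameInfo('SimpleName', $false) -eq $HostName } |
        Sort-Object NotBefore -Descending | Select-Object -First 1
    if (-not $cert) { throw "No certificate with a private key for $HostName in LocalMachine\My." }
    Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $Password | Out-Null
    # Re-open the exported file and confirm what is about to be uploaded.
    $x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]
    $pfx  = $x509::new($PfxPath, $Password)
    $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($pfx)
    [pscustomobject]@{
        Thumbprint    = $pfx.Thumbprint
        HasPrivateKey = $pfx.HasPrivateKey
        KeyBits       = $rsa.KeySize
        NotAfter      = $pfx.NotAfter
    }
}
```

Before uploading, the object returned by Export-SitePfx should show HasPrivateKey as True and KeyBits as 2048.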

From here we go to the Azure portal and the Add Private Certificate (.pfx) blade and upload the certificate.

Enter the password that was set on the .PFX file and click the Upload button.

Azure should let us know things are happy.

On the SSL Binding blade we choose our domain name, the certificate we just uploaded, and SNI (Server Name Indication), which allows Azure to route the packets to the correct place.

Click the Add binding button and eventually the newly seated certificate will show.

Note that we choose to use a trusted certificate authority over any of the freebies out there as the green lock says that our site has been domain ownership verified.

Philip Elder
Microsoft High Availability MVP
MPECS Inc.
www.s2d.rocks !