Azure: Creating an SSL Certificate on IIS then Importing the .PFX

We use IIS to create the CSR and to complete the Certificate Request.

We use the Computer Certificates MMC to export that certificate to .PFX.

When exporting with the intent to import the .PFX into Azure we run the following steps:

  1. Open the Computer Certificates MMC
    • Click on Start and type: Computer
    • image
  2. Navigate into the Personal –> Certificates store
    • image
  3. Right click on the newly acquired certificate and click All Tasks –> Export
    • image
  4. Click Next on the Welcome to the Certificate Export Wizard
  5. Choose to export the Private Key
    • image
  6. Choose the Include all certificates… and Export all extended properties options
    • image
    • Uncheck Enable certificate Privacy
  7. Set a password and choose the Encryption: TripleDES-SHA1 setting
    • image
    • NOTE: Azure will not accept AES256-SHA256
  8. Set a Path for the .PFX file
    • The file _must_ have the following structure: FileName.PFX
  9. In the Azure Portal click on the web site then TLS/SSL settings in the left hand column
    • image
  10. Click on Private Key Certificates (.pfx)
    • image
  11. Click on Upload Certificate
  12. Choose the local .PFX file
  13. Set the password
  14. Once done, click on Bindings
  15. Click on the site to change its certificate
  16. Select the newly uploaded certificate under the Private Certificate Thumbprint dropdown list
  17. Click the Add Binding button
  18. Done

Note that the Azure Portal tends to change a bit over time so the above instructions are as of this writing.

Philip Elder
Microsoft High Availability MVP
MPECS Inc.
Our Web Site
PowerShell and CMD Guides

Leave a comment

Your email address will not be published.