Wednesday, January 12, 2011

Windows Azure API Certificate Creation UI and Command Prompt

How to Create a x509 Certificate for the Windows Azure Management API
1.       Load the IIS 7 management console. I’m assuming here you have IIS7 installed since its required for the Windows Azure SDK.
2.       Click on your Server.
3.       Double Click Server Certificates in the IIS Section in the main panel.
4.       Click Create Self-Signed Certificate… in the Actions panel.
5.       Give it a Friendly Name.
6.       Close IIS Manager.
7.       Open Certificate Manager (Start->Run->certmgr.msc)
8.       Open Trusted Root Certification Authorities, then Certificates.
9.       Look for your certificate (Tip: Look in the Friendly Name column).
10.    Right Click your certificate, then choose All Tasks, then Export…
11.    In the Wizard, choose No, do not export the private key, then choose the DER file format.
12.    Give your cert a name. (remember to call it something.cer).
13.    Navigate to the Windows Azure Portalhttp://windows.azure.com
14.    Click the Account Tab, then click Manage My API Certificates.
15.    Browse to the certificate file you created earlier and upload it.
16.    Done!



How to Create Windows Azure API certificates through command prompt
1.      use makecert.exe (which ships with the Windows SDK) and use a command like the below:
makecert -r -pe -a sha1 -n "CN=Certificate Name" -ss My -len 2048 -sp "Microsoft Enhanced RSA and AES Cryptographic Provider" -sy 24 APICert.cer
Usage: MakeCert [ basic|extended options] [outputCertificateFile]
Basic Options
 -sk  <keyName>         Subject's key container name; To be created if not present
 -pe                             Mark generated private key as exportable
 -ss  <store>                 Subject's certificate store name that stores the output certificate
 -sr  <location>            Subject's certificate store location.<CurrentUser|LocalMachine>. 
Default to 'CurrentUser'
 -#   <number>            Serial Number from 1 to 2^31-1.  Default to be unique
 -$   <authority>          The signing authority of the certificate
                        <individual|commercial>
 -n   <X509name>       Certificate subject X500 name (eg: CN=Fred Dews)
 -?                                Return a list of basic options
 -!                                 Return a list of extended options




The next step is to upload the .cer file to the developer portal to let Windows Azure know that it should trust the certificate for API operations on your projects. The portal now has a new section called “API Certificates” under the Account tab where one can do this.


Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)