Upload Certifcate

Upload certificates before deploying the web role

Important. Uploading a certificate before or during the web role deployment is required. At least the default certificate must be uploaded to the cloud service in use.

The pre-built service package that deploys a web role in an Azure cloud service allows you to install up to 10 certificates in the role during the deployment.

The certificates are normally used for secure connections to websites hosted by the role. Each certificate must be uploaded to the cloud service in use before or during the deployment. (Please see "SSL" for more information.)

Note. If you are not going to use certificates, you still need to upload the default certificate that comes with the service package: dummy.certificate.pfx.

The configuration file for the pre-built service package is already pre-configured for this default certificate. Each certificate slot entry in the configuration is set to the thumbprint of this certificate.

You can use your own "dummy" certificate instead of the default one. In this case, you need to replaced the thumbprint value in the service configuration file to that of your certificate. (You can also use this PowerShell script to generate your "dummy" certificate. Please note that the generated certificate will not work, and can't be used, as a certificate for secure connection setup.)

Microsoft Azure Portal allows you to upload the certificate during the web role deployment provided that you are creating a new cloud service and choose to deploy the role and upload the default certificate simultaneously. You can also upload a certificate to an existing cloud service before the web role deployment. Below we are only covering the second approach: uploading the certificate to an existing service.

To upload the default (or any other) certificate to the cloud service in use:

  1. In your Microsoft Azure account, open a cloud service you'll be using to deploy the web role in.
  2. On the Certificate tab, click "Upload"
  3. Browse to and open, the dummy.certificate.pfx file that comes with the package (or your own certificate file).
  4. Specify the password to the certificate in the corresponding field. You can find the password to the default certificate (dummy.certificate.pfx) in the dummy.certificate.password.txt file that comes with the package.
  5. Click "Upload" down below.

If you upload a certificate other than the default one, it makes sense to make a note of, or copy to the clipboard, its thumbprint (visible on the Certification tab after the certificate has been successfully uploaded.) You will need this value for the service configuration file.