As more companies migrate their applications to Windows Azure, the level of complexity continually increases. Ecommerce sites require that communication between the user and the server is encrypted using an SSL certificate. Here is how to add an SSL certificate to a Windows Azure web role (site).
1. Generate / Purchase an SSL certificate
Generate a .csr file on your development machine and purchase your SSL certificate through your desired certificate authority (CA).
2. Install the certificate on your development machine
You will need to install the certificate in a specific location on your local machine so that it can be embedded within your Azure application. If you are installing a .PFX, select your “personal” store. Visual Studio 2010 will look in “Current User / Personal” to add the certificate to your Windows Azure web role.
3. Confirm your certificate is installed correctly
To ensure your certificate is installed correctly, check your installed certificates using the Certificate snap-in in the MMC.
a. Open Start / Run
b. Type “mmc”
c. Under File, select “Add/Remove Snap-in…”
d. Under Available snap-ins, select “Certificates”
e. Select “Computer Account”
f. Click “Ok”
g. In the content tree, select Console Root / Certificates (Local Computer) / Personal / Certificates
h. Confirm your certificate is listed
4. Add the certificate to Visual Studio 2010 Web Role
You will need to embed the certificate within your project to use it within the application. To do this:
a. Right click your web role and go to “Properties”
b. Under Certificates, select “Add Certificate”
c. Enter a name for your certificate
d. Under Thumbprint, click the selection button
e. Select your certificate
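An added check, not part of the original post: step 4 writes the selected thumbprint into the role's ServiceConfiguration.cscfg, and this PowerShell script confirms that each thumbprint there matches an installed certificate that has its private key and has not expired. The service name, role name, certificate name and all-zero thumbprint in the sample are constructed placeholders.

```powershell
# Added example: confirm each certificate thumbprint in ServiceConfiguration.cscfg
# is installed locally, has its private key, and has not expired.
# Constructed sample config; for a real project use instead:
#   [xml]$cscfg = Get-Content .\ServiceConfiguration.cscfg
[xml]$cscfg = @'
<ServiceConfiguration serviceName="MyService"
    xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration">
  <Role name="WebRole1">
    <Instances count="1" />
    <Certificates>
      <Certificate name="SiteSslCert"
                   thumbprint="0000000000000000000000000000000000000000"
                   thumbprintAlgorithm="sha1" />
    </Certificates>
  </Role>
</ServiceConfiguration>
'@

# Step 2 uses Current User / Personal, step 3 inspects Local Computer / Personal,
# so look in both stores.
$stores = 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My'
$installed = @($stores | ForEach-Object { Get-ChildItem $_ })

foreach ($role in $cscfg.ServiceConfiguration.Role) {
    foreach ($entry in $role.Certificates.Certificate) {
        if (-not $entry) { continue }   # role declares no certificates
        # Thumbprints pasted from the certificate dialog can carry spaces or
        # invisible characters; keep only the hex digits before comparing.
        $thumb = $entry.GetAttribute('thumbprint').ToUpper() -replace '[^0-9A-F]', ''
        $found = @($installed | Where-Object { $_.Thumbprint -eq $thumb })

        if ($found.Count -eq 0) {
            Write-Warning "$($role.GetAttribute('name'))/$($entry.GetAttribute('name')): $thumb is not in any Personal store"
        }
        foreach ($c in $found) {
            New-Object PSObject -Property @{
                Role          = $role.GetAttribute('name')
                Name          = $entry.GetAttribute('name')
                Store         = $c.PSParentPath -replace '^.*::', ''
                Subject       = $c.Subject
                HasPrivateKey = $c.HasPrivateKey   # must be True for an https endpoint
                Expired       = ($c.NotAfter -lt (Get-Date))
            }
        }
    }
}
```

A row with HasPrivateKey set to False means only the public certificate was imported; install from the .PFX again before selecting it in the web role.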
5. Add the SSL Endpoint to the Visual Studio 2010 web role
Once deployed, Windows Azure will assign specific endpoints to your application for traffic. By default, port 80 is set up. You will need to add an endpoint for port 443 to enable SSL traffic.
a. Right click your web role and go to “Properties”
b. Under Endpoints, select “Add Endpoint”
c. Enter the desired endpoint name
d. Under Protocol, select “https”
e. Under Public Port, enter “443”
f. Under SSL Certificate Name, select your new certificate
6. Add the certificate to your Windows Azure Subscription
Before deploying the web role, you will need to add the certificate to your Windows Azure Subscription.
a. In the Windows Azure Management Portal, expand your hosted services
b. Under your desired subscription, select “Certificates” and “Add Certificate”
c. Select your certificate PFX
d. Add the appropriate password (if applicable)
e. Confirm your certificate is listed under your subscription
7. Deploy your application
After embedding your certificate and adding it to Windows Azure, you are ready to deploy your application. Follow the standard deployment process to migrate your changes to Windows Azure.
8. Confirm your endpoints
After you deploy your updated web role, confirm your endpoints for your instance.
9. Confirm your site configuration (OPTIONAL)
If you have enabled RDP connectivity to your role, you can confirm your site’s IIS configuration.
Once completed, you will have installed a certificate in your web role and will be able to encrypt traffic to your site. Good luck!