Azure uses .pfx files to bind SSL to your domain. This tutorial will show you how to generate the .pfx file from a custom SSL certificate that you purchased from a trusted certificate authority by using the Windows Certificate Store.
Prerequisites
To complete this tutorial you need to have completed the following:
Mapped a custom DNS name
Acquired an SSL certificate from a trusted certificate authority. The file should look similar to this:
Have the private key you used to sign the SSL certificate request
Generate .pfx certificate using the Windows Certificate Store
Take the Certificate .txt file and rename the extension to .cer. So if you had a Certificate.text file you should now have a Certificate.cer file.
Right Click the File and Select Install Certificate.
Follow the wizard to install the certificate.
Add them to a Certificate Store you will find easily
Open the Certificate Manager. Either Search for Certificate and click on Manage User Certificates or follow the bellow steps to open the Certificate Manager:
Open the MMC (Start>Run>MMC).
Go toFile>Add / Remove Snap In
Double ClickCertificates
SelectComputer Account.
SelectLocal Computer>Finish
Then, right click the certificate and choose export:
Follow the wizard to export the certificate to a .pfx file.
Choose to export the private key
Choose the .PFX file in the
Add a strong password
And finally Save the .pfx file.
The .pfx generation is complete. Now you can use the .pfx file to bind your certificate to your domain in Azure.
Start Windows Explorer and select and hold (or right-click) the . pfx file, then select Open to open the Certificate Import Wizard. Follow the procedure in the Certificate Import Wizard to import the code-signing certificate into the Personal certificate store.
The private key and CSR are created during the creation of a CSR request in IIS and the certificate is reimported when issued (both steps can be found in the video guide ). Exporting is very simple - right-click on the certificate and select Export.
Right-click the certificate you want to export to .pfx file.From the drop down, click on All Tasks and then Export. You will see the Certificate Export Wizard.
The contents of a pfx file can be viewed in the GUI by right-clicking the PFX file and selecting Open (instead of the default action, Install). This will open mmc and show the pfx file as a folder. Open the pfx folder and the Certificates subfolder, and you will see the certificate(s) contained in the pfx.
Let's go to Settings> Advanced Settings> Privacy and Security> Manage Certificates.In the window that opens we select the certificate to export and press the “Export” button. Then a Windows wizard will open to export certificates.
Microsoft Certificate Stores are repositories for storing digital certificates and their associated properties. Windows operating systems store digital certificates and certificate revocation lists in logical and physical stores. Logical stores contain pointers to public key objects in physical stores.
There is a very handy GUI tool written in java called portecle which you can use for creation of an empty PKCS#12 keystore and also for an import of the certificate without the private key into the PKCS#12 keystore - this functionality is available under "Import trusted certificate (Ctrl-T)" button.
This type of certificate store is local to the computer, global to all users on the computer, and is located under the HKEY_LOCAL_MACHINE root in the registry. This type of certificate store is local to a user account on the computer, and is located under the HKEY_CURRENT_USER registry root.
System certificate stores has the following types:
The certificate store is located in the registry under HKEY_LOCAL_MACHINE root. Current user certificate store: This certificate store is local to a user account on the computer. This certificate store is located in the registry under the HKEY_CURRENT_USER root.
Introduction: My name is Greg O'Connell, I am a delightful, colorful, talented, kind, lively, modern, tender person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.
