How to Create a x509 Certificate for the Windows Azure Management API

Cut to the chase. Here is how you do it.

  1. Load the IIS 7 management console. I’m assuming here you have IIS7 installed since its required for the Windows Azure SDK.
  2. Click on your Server.
  3. Double Click Server Certificates in the IIS Section in the main panel.
  4. Click Create Self-Signed Certificate… in the Actions panel.
  5. Give it a Friendly Name.
  6. Close IIS Manager.
  7. Open Certificate Manager (Start->Run->certmgr.msc)
  8. Open Trusted Root Certification Authorities, then Certificates.
  9. Look for your certificate (Tip: Look in the Friendly Name column).
  10. Right Click your certificate, then choose All Tasks, then Export…
  11. In the Wizard, choose No, do not export the private key, then choose the DER file format.
  12. Give your cert a name. (remember to call it something.cer).
  13. Navigate to the Windows Azure Portal
  14. Click the Account Tab, then click Manage My API Certificates.
  15. Browse to the certificate file you created earlier and upload it.
  16. Done!

Want to use the API, check out these  Windows Azure Service Management CmdLets on code gallery – and script your upgrades.


4 thoughts on “How to Create a x509 Certificate for the Windows Azure Management API

  1. Good post! Couple of things to note

    – If you’re exporting the key to use it on another machine, you *must* export the private key. You need the private key installed on your machine to make API calls work

    – If you’re a command line junkie, you can just do “makecert -r -pe -a sha1 -n “CN=Windows Azure Authentication Certificate” -ss My -len 2048 -sp “Microsoft Enhanced RSA and AES Cryptographic Provider” -sy 24 yourapicert.cer”

    1. Thanks for pointing that out Sriram. I was too lazy to install the Windows SDK and get the command line tool – i figured most folks would have IIS installed so went that route :)

Comments are closed.