Wednesday, November 6, 2013

SSL cert considerations in Windows Azure

If your windows Azure application is using an SSl certficate, you need to configure it in both your service definition file and .cscfg file. The whole process is explained clearly in the following Microsoft article:

Here, I am going to discuss about few considerations while configuring SSL. As you can see from the above Link, the certificate should be defined in the csdef file

        <Certificate name="SampleCertificate" 
                     storeName="CA" />

The store can be either 'LocalMachine' or 'CurrentUser'. And the storenames can be one of the following -MyRootCATrustDisallowedTrustedPeopleTrustedPublisher,AuthRoot, and AddressBook.
You can also create your custom store name, which in case the store will be created.

 Interestingly, Microsoft by default does not allow direct import to the trusted root store. Even if you give the Storename as "CA" , the cert will be downloaded only to the intermediate cert store. You will have to write a startup task with elevated permissions to move the cert to root store. However, you need to do this only if your SSl cert is issued by a provider who is not included in the Microsoft root certificate program . If a provider is part of the root certificate program, the root certificate corresponding to your SSL certificate will automatically be downloaded to your Azure instance when you deploy it.

The comprehensive list of cert providers included in the root certificate program can be found in this link

Note: Azure had an issue with OS version 2.19_201309-01, where the root certs of providers from the MS root certificate program was not getting downloaded automatically. They have corrected it now and re-released the OS. It is sorted in OS versions 2.19_201309-03 and later..


  1. Secure Socket Layer (SSL) encryption is the most commonly used method of securing data sent across the internet. There are simple steps to install SSL certificate for windows.
    Easy Installation os SSL

  2. Multi-domain SSL certificates refer to a specific type of SSL certificate that offer security to multiple domain and hostnames that exist within the same domain. Multi-domain certificates are occasionally referred to as unified communications certificate (UCC), multi-SAN or UC certificate. This certificate is perfect for Exchange Server 2010, Microsoft Live Communications Software, and Microsoft Exchange Server 2007.