For some reason, most likely because you never do it more than once a year, adding ssl certificates to a server is poorly documented and unnecessarily complicated. Here are some things I learned recently about adding ssl certs on Windows Azure Websites.
I recently added a cert to this site, https://digitaltoolfactory.net which is hosted on Windows Azure Websites. It looks simple enough, just upload a file, sure it’s a .pfx file, but those are avilable aren’t they?
Off I go to NameCheap.com, plunk down my $10 and get a GeoTrust Rapid SSL Certificate. Then you have to generate a CSR – from there just go to your IIS manager and
- Click on “Create Certificate Request” (Common Name is the domain name btw)
- Do Everything it asks
- You will then plug that into your SSL Provider, they will then email (of all things) you back a long code
- Go Back to your IIS Manager and click on “Complete Certificate Request”
- You will then have a file – this is not the file you use
- From there click on the server certificate, and then click “Export”
- That will generate the .pfx file
- From there you can upload the file to Azure
- You then have assign the bindings to that certificate
- Restart the site in the Azure Manager
That’s it!
There are a few caveats.
The big one is that if you have any errors in this process Azure will not tell you – instead all you will get is the big scary “This site claims to be DigitalToolFactory.net, but the actual certificate is for *.WindowsAzureWebsites.net”.
The other caveat is that Microsoft is charging $9.00 per month to host a site site with Secure Socket Layer bindings, which is ridiculous. By my estimation it costs more to host the cert than to host the actual site, which makes it unique in all web hosting. Why they do this I don’t know. I’m glad to have the option, but the amount seems ridiculous – hopefully that fee will drop soon.