-
Open Internet Information Services (IIS) 7, click the
top-level folder (your computer name), and click Server
Certificates in the Content View.
-
In the right pane, click Create Self-Signed
Certificate.
-
In the Create Self-Signed Certificate wizard, type a name
for the certificate (such as MyNewCert) and click OK.
-
Exit IIS and type mmc in
the Start menu Search Programs And Files field—this is the
shortcut to open the Microsoft Management Console
application.
-
Click File | Add/Remove Snap-In.
-
In the Add Or Remove Snap-Ins dialog box, click
Certificates and then click Add.
-
Select Computer Account in the Certificates Snap-In
wizard, then click Next, then Finish, and then OK.
-
Find the certificate you just added by navigating to
Certificates\Personal\Certificates in the root console view.
Your newly created certificate should be listed in the
Management Console—as shown here.
-
Right-click the certificate, select All Actions, and then
select Export.
-
10. In the Certificate Export wizard, select Next, and
then select No. Do not export the private key, accept the
default DER encoded binary X.509 option, and click Next. Browse
to a location to save the certification file, and provide a file
name (such as MyNewCert.cer).
Click Save and then Finish.
Now that you’ve completed the export of the certificate,
you can upload the certificate to Windows Azure. This is a
straightforward process that you do through the Windows Azure
developer portal.
-
Navigate to your Windows Azure developer portal (https://windows.azure.com/Default.aspx).
-
Select Hosted Services, Storage Accounts & CDN in the main portal
view.
-
Click Management Certificates, as shown here.
-
Click Add Certificate in the portal ribbon and browse for
the certification that you just created, as shown.
-
Click Done. Your certificate should now display in the
portal, along with additional metadata about the certificate.
For example, in the following graphic, you’ll note that the main
view shows who the certificate was issued by, the name of the
certificate, and additional information such as the thumbprint
and subscription ID, which can be used when your program is
interacting with Windows Azure.
Your certificate is now uploaded to Windows Azure, and you
can now use it in your applications. To illustrate, you’ll
continue with the exercise to create a simple console
application that uses the local certificate you created to
establish trust with Windows Azure.
-
Open Visual Studio 2010 and click File | New Project |
Windows And Console Application. Provide a name for the project
(such as GetACSCertInformation)
and click OK.
-
Right-click the project and select Properties. On the
Resources tab, add a new resource. Provide a name for the
resource (such as CertLocation)
and then add the directory location and file name of the trusted
certificate (for example, c:\Certificates\MyNewCert.cer).
-
Double-click Program.cs and amend the code as shown
here:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Xml.Linq;
using System.Net;
using System.IO;
using System.Security.Cryptography.X509Certificates;
namespace GetACSCertInformation
{
class Program
{
static void Main(string[] args)
{
var azureRequest = (HttpWebRequest)WebRequest.Create("https://management.
core.windows.net/<your subscription ID>/services/hostedservices");
azureRequest.Method = "GET";
azureRequest.ContentType = "xml";
azureRequest.ClientCertificates.Add(X509Certificate2.CreateFromCertFile
(GetACSCertInformation.Properties.Resources.CertLocation));
azureRequest.Headers.Add("x-ms-version", "2009-10-01");
var azureResponse = azureRequest.GetResponse().GetResponseStream();
var xmlResultsFromAzure = new StreamReader(azureResponse).ReadToEnd();
Console.WriteLine(XElement.Parse(xmlResultsFromAzure));
Console.ReadLine();
}
}
}
The code in this application is straightforward: it
creates a new WebRequest to interact with
Windows Azure (using the REST API). The
WebRequest object then loads the trusted
certificate from the local system by using the
ClientCertificates.Add method. When the
call is made to Windows Azure, the certificate is then used to
authenticate the incoming request: the certificates are
compared, and the request is authenticated. When the request has
been authenticated, the server response is an enumeration of the
hosted services available in Windows Azure (as requested by the
REST URI request). The result for your application should look
something similar to that shown here.
