I added an HTTPS endpoint to my WebRole, and now I'm getting the following warning when I attempt to run the Azure Emulator, which causes the compute emulator to stop and the debugger to bail:
Warning: The SSL certificate 'Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordEncryption' for endpoint 'HttpsIn' of role 'MyProj.Web' was not found in the local machine's certificate store.
This certificate has nothing to do with the HTTPS endpoint. It also isn't (and shouldn't be) in the local machine's certificate store -- it does exist in the CurrentUser certificate store (I've checked). I've attempted to get rid of the reference to this certificate altogether in my ServiceConfiguration just to see what happens, but it keeps automatically being re-added.
Any help would be appreciated.
Edit:
Just to be clear, I am not attempting to use the Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordEncryption certificate as my SSL cert. I have successfully set up a separate self-signed certificate in the Local Machine store for the HTTPS endpoint:
ServiceDefinition.csdef
<Bindings>
  <Binding name="Endpoint1" endpointName="Endpoint1" />
  <Binding name="HttpsIn" endpointName="HttpsIn" />
</Bindings>
...
<Endpoints>
  <InputEndpoint name="Endpoint1" protocol="http" port="80" />
  <InputEndpoint name="HttpsIn" protocol="https" port="443" certificate="AzureSSL" />
</Endpoints>
...
<Certificates>
  <Certificate name="AzureSSL" storeLocation="LocalMachine" storeName="My"/>
</Certificates>
ServiceConfiguration.Local.cscfg
<Certificates>
  <Certificate name="Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordEncryption" thumbprint="xxxxxxxxxx" thumbprintAlgorithm="sha1" />
  <Certificate name="AzureSSL" thumbprint="xxxxxxxxxx" thumbprintAlgorithm="sha1" />
</Certificates>
The WebRole is adding the RemoteAccess certificate settings and looking for the certificate in LocalMachine because SDK 1.8 adds <Import moduleName="RemoteAccess" /> to the csdef file. To resolve this issue:
<Import moduleName="RemoteAccess" /> and <Import moduleName="RemoteForwarder" /> from the csdef file.
Or, you could just add the RDP cert to the LocalMachine store.
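An added example, not part of the original answers or of the Azure SDK: a PowerShell check that lists each certificate named in the service configuration, the store it is expected in, and the stores where its thumbprint is actually installed. The XML is constructed from the fragments in the question with placeholder thumbprints; the function name Test-RoleCertificate and the LocalMachine\My default for certificates not declared in the csdef are assumptions.

```powershell
# Constructed sample input mirroring the question's fragments; thumbprints are placeholders.
# For a real project: [xml]$csdef = Get-Content .\ServiceDefinition.csdef (same for the cscfg).
[xml]$csdef = @'
<ServiceDefinition><WebRole name="MyProj.Web">
  <Endpoints>
    <InputEndpoint name="HttpsIn" protocol="https" port="443" certificate="AzureSSL" />
  </Endpoints>
  <Imports><Import moduleName="RemoteAccess" /></Imports>
  <Certificates>
    <Certificate name="AzureSSL" storeLocation="LocalMachine" storeName="My" />
  </Certificates>
</WebRole></ServiceDefinition>
'@
[xml]$cscfg = @'
<ServiceConfiguration><Role name="MyProj.Web"><Certificates>
  <Certificate name="Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordEncryption" thumbprint="xxxxxxxxxx" thumbprintAlgorithm="sha1" />
  <Certificate name="AzureSSL" thumbprint="xxxxxxxxxx" thumbprintAlgorithm="sha1" />
</Certificates></Role></ServiceConfiguration>
'@

function Test-RoleCertificate {   # hypothetical helper name
    param([xml]$Csdef, [xml]$Cscfg)
    # Store each certificate is declared in by the csdef (name -> "Location\Name").
    $declared = @{}
    foreach ($c in $Csdef.SelectNodes("//*[local-name()='Certificates']/*[local-name()='Certificate']")) {
        $declared[$c.GetAttribute('name')] = $c.GetAttribute('storeLocation') + '\' + $c.GetAttribute('storeName')
    }
    foreach ($c in $Cscfg.SelectNodes("//*[local-name()='Certificate']")) {
        $name  = $c.GetAttribute('name')
        $thumb = $c.GetAttribute('thumbprint')
        # Assumption: certificates not declared in the csdef (plugin-supplied, such as
        # RemoteAccess) are looked up in LocalMachine\My, as the emulator warning indicates.
        $expected = if ($declared.ContainsKey($name)) { $declared[$name] } else { 'LocalMachine\My' }
        # Look for the thumbprint in both personal stores.
        $foundIn = @(foreach ($store in 'LocalMachine\My', 'CurrentUser\My') {
            if (Get-ChildItem "Cert:\$store" | Where-Object { $_.Thumbprint -eq $thumb }) { $store }
        })
        $status = if ($foundIn -contains $expected) { 'OK' } elseif ($foundIn.Count) { 'WrongStore' } else { 'Missing' }
        # Endpoints in the csdef that bind this certificate by name.
        $endpoints = @($Csdef.SelectNodes("//*[local-name()='InputEndpoint'][@certificate='$name']") |
            ForEach-Object { $_.GetAttribute('name') })
        [pscustomobject]@{ Certificate = $name; Endpoints = $endpoints -join ','; Expected = $expected
                           FoundIn = $foundIn -join ','; Status = $status }
    }
}

Test-RoleCertificate -Csdef $csdef -Cscfg $cscfg | Format-Table -AutoSize
```

With real thumbprints, a certificate installed only in CurrentUser\My while LocalMachine\My is expected is reported as WrongStore, which is the situation the question describes for the RemoteAccess certificate.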
Well, two things:
The latter is not bad at all, but you shall be aware of all your certificates and which one is used for what.
First of all, enabling Remote Desktop on Azure Role Instances needs an X.509 certificate. It is configured by indicating the certificate's thumbprint in the configuration file (csdef). It is required because the password for the RDP account is encrypted with that certificate. That password encryption is part of the packaging process (or more precisely of the Remote Desktop wizard process). You have to separately upload that certificate to the Windows Azure Cloud Service to which you will deploy your package, and also have that certificate in the local user's store.
The second certificate is for HTTPS. It is also described by thumbprint and location. However, the HTTPS certificate is usually located in the local machine store, and not the current user store. This X.509 certificate again must be separately uploaded to the Cloud Service and must be present there. You may read here on how to configure HTTPS endpoint for Windows Azure Cloud Service. In order for packaging to work fine, the HTTPS Endpoint certificate needs to be in the Local Machine store (or more precisely the Web Hosting store - if you open the IIS Manager and navigate to Server Certificates, you must be able to see the certificate there). This is the expected place for an HTTPS certificate; that's why packaging requires it to be there. And that's why it complains it cannot find it: because your Password Encryption Certificate (which you indicated to be used for HTTPS also) is not in the local machine's store.
Last, but not least, certificates used by a package are configured in the Certificates section of the properties of your cloud service project.
Suggested readings: