Azure https with pfx file

Question

I am trying to create an https endpoint for my azure service. I was given an p7b file that I converted into a cer file. From the cer I was able to convert with a few lines of c# to a pfx.

var cert = new X509Certificate2(@"certpath", "
var bytes = cert.Export(X509ContentType.Pfx, "password");
File.WriteAllBytes(@"certpath\cert.pfx", bytes);

Now when I upload the cert to azure everything seems ok, I copy the thumbprint and try to upgrade with the new thumbprint as part of the end point and I get an error in azure.

Certificate with thumbprint 3FA490D1D4957942CD2ED545F6E823D0008796EA2 associated with HTTPS input endpoint "endpointName" does not contain private key.

Answer 1

Getting pfx file from SSL certificate from godaddy. Details here in case it helps.

Answer 2

How did you convert the .p7b to a .cer? You're problem is that cer files don't contain the private key information, so when you exported it as a pfx, it doesn't have the information that it needs to work with SSL.

The easiest way to convert to a pfx is probably to import the certificate onto your local machine (using certmgr.msc), then export it making sure you select the "Yes, export the private key" option.

---

EDIT: After doing some more research after GregS' comment, the problem is still the same, you're pfx doesn't have the private key it needs to work with SSL, but the cause is actually that the .p7b file doesn't have a private key to begin with. You need to use a different certificate. There is already a question related to this on server fault.

Answer 3

I had the same problem trying to generate .pfx for Azure. The p7b certificate was generated by Thawte. After some research I was able to make it work.

1. Generate CSR (certificate request) from IIS. It could be your local IIS. https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO9171

2. Generate the certificate based on the CSR. The CA takes care of this. If you are generating a self-signed certificate you also could do that from ISS. This is important because when you import it (step 3) IIS will verify that the certificate was generated there.

3. Import the certificate to your local IIS. It must be a .cer file. Just open your p7b file and you will see the certificate chain in there. Export your domain certificate to a .cer file. Then you can use it to import it to IIS. https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO10664

4. Export the certificate to .pfx from IIS. At this point the certificate contains an appropriate private key added by IIS. When you export it, IIS will ask you for a password. https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO10034

Answer 4

I had exactly the same problem as you once and here is the story of that:

Windows Azure, SSL, Self-Signed Certificate and Annoying HTTPS Input Endpoint Does Not Contain Private Key Error