[Update: With the November 2009 release of the Windows Azure Tools - this post is now obsolete - an updated post is available here]
Lately there have been a couple of threads on the forum and some internal email around setting up an https endpoint on a Windows Azure Cloud Service.
A good starting point is this article, but there are some common issues that people run into that I wanted to talk about.
First are the cert requirements.
When running on the Development Fabric, the certificate also needs to be self-signed – this is to prevent any security issues around leaking the private key of a real certificate.
Let’s walk through the steps to try an https endpoint on the Development Fabric:
1) Open the ServiceDefinition.csdef file in the CloudService project in Visual Studio and add a second InputEndpoint to the WebRole:
<InputEndpoint name="HttpIn" protocol="http" port="80" />
<InputEndpoint name="HttpsIn" protocol="https" port="443" />
2) If you have a self-signed certificate that meets the requirements above, you can skip ahead to step 9. Otherwise, let’s use the IIS Manager to create a self-signed certificate.
3) Open the IIS Manager and select “Server Certificates”
4) On the right side under “Actions”, select “Create Self-Signed Certificate…”
5) Follow the steps in the IIS Manager and you’ll have a new self-signed cert that supports Server Authentication and has an exportable private key.
6) The newly created cert will be put in the Personal store in the Local Computer location. Windows Azure Tools (including cspack) look for the certs in the Personal store in the Current User location (we needed to settle on a location and didn’t want it to be one that requires admin elevation).
7) To move the certs to the Current User location, you can run mmc, add the Certificates snap-in for both “My User Account” and “Computer Account” and drag and drop the certificates to the Personal store in the Current User location. Alternatively, you can export and import.
8) If you ever export/import the cert, make sure you export the private key and, on import, mark the key as exportable.
9) Right click on the Cloud Service project in the VS Solution Explorer and click “Properties”. Click on the SSL tab, check “Enable SSL Connections” under Development and click “Select from Store…”.
10) Select your certificate. Hit F5 to run.
11) Navigate to the https endpoint -- the browser will complain as expected because you are using a self-signed certificate.
12) To see the actual ports that were used for your service, you can bring up the Development Fabric UI (right click on the Development Fabric tray icon) and click on the Service Details for your Deployment.
13) When you are ready to publish to the real cloud, use the SSL Cloud Service settings to select a certificate for Publish – this is the certificate that is used when publishing for deployment.
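Steps 6 to 8 can also be scripted. The PowerShell below is an added example, not part of the original post or the Windows Azure Tools: it copies the certificate from the Local Computer Personal store to the Current User Personal store with the key marked exportable. The `$Thumbprint` parameter and the decision to reject any certificate whose Subject and Issuer differ are assumptions of this example.

```powershell
# Added example: copy a self-signed dev certificate from the Local Computer
# Personal store to the Current User Personal store with an exportable key.
param([Parameter(Mandatory = $true)][string]$Thumbprint)  # thumbprint is supplied by you

$ErrorActionPreference = 'Stop'
$Thumbprint = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

# Reading the Local Computer private key normally requires an elevated prompt.
$src = Get-Item "Cert:\LocalMachine\My\$Thumbprint"

# Refuse anything that is not self-signed, so a real certificate's key never
# ends up exportable in a user profile. (Name comparison only; an assumption.)
if ($src.Subject -ne $src.Issuer) { throw "Not self-signed: $($src.Subject)" }
if (-not $src.HasPrivateKey)      { throw 'Certificate has no private key.' }

# If an Enhanced Key Usage extension is present it must list Server Authentication.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'
$eku = $src.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
if ($eku -and -not ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid })) {
    throw 'Certificate does not allow Server Authentication.'
}

# Export to an in-memory PFX; this throws if the key was not marked exportable.
$pw  = [Guid]::NewGuid().ToString('N')   # throwaway password, never written to disk
$pfx = $src.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx, $pw)

# Re-import with the key marked exportable and persisted in the user's key set.
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'Exportable, PersistKeySet, UserKeySet'
$dst = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $pfx, $pw, $flags

# Add the copy to Current User\Personal, where the tools look for it.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'My', 'CurrentUser'
$store.Open('ReadWrite')
try     { $store.Add($dst) }
finally { $store.Close() }

# Confirm the result: the cert is in the user store and still has its key.
Get-Item "Cert:\CurrentUser\My\$Thumbprint" | Select-Object Subject, Thumbprint, HasPrivateKey
```

Unlike the drag and drop in mmc, this leaves the original certificate in the Local Computer store; delete it there if you only want the Current User copy.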
Windows Azure Tools for Microsoft Visual Studio (includes SDK). If the release is still propagating, try the Direct Link
New for the May 2009 CTP:
Release notes/Known issues are available here
Visual Studio 2010 Beta 1 Support:
You can now use Visual Studio 2010 Beta 1 to build your Cloud Services. There are a couple of interesting things to note however:
Editing Role Properties
You can now use the Visual Studio Properties Window to edit some of the Role Properties like Enabling Full Trust and setting the instance count.
As always – we love getting your feedback, you can email me off this blog, visit our Forum or enter a bug.
Azure Services Platform Developer Challenge!
Everything you need to know from a page hosted on Windows Azure: http://www.newcloudapp.com/
Couple things to point out:
Pretty cool contest, can't wait to see the kinds of apps that get built -- Start your engines!