I've a WCF that runs in Azure as a Cloud Service (with out SSL).
I have implemented on the same project SSL, locally. (with self-sign certificate)
After I experimented locally and saw that everything works well, I purchased real certificate on Go Daddy, now I need to figure out a couple of points:
I saw a couple of articles that shows how to set the configuration of a role in order to publish the WCF to Cloud Service with HTTPS. In those articles they adding the certificate by choosing from the certificates that installed on the computer and then associated the certificate to the HTTPS endpoint.
- In order to associated certificate to the WCF I must have the certificate installed locally ?
- There is an "Management Certificate" option on Microsoft Azure Portal under Settings to upload certificates and manage them, Do I need to upload my certificate with this option ?
- Do I need to installed the certificate manually (like I did with the self-sign cert', configure it in IIS and go to MMC and move the cert to "Intermediate Certificate Authorities" and etc)
- If I need to do it manually (the answer to question 3 is positive) how can I auto-scale my service? because the process will need to be automated.
Best How To :
Go to your .CSDEF and add these 3 tags (change accordingly):
<WebRole name="CertificateTesting" vmsize="Small">
<Certificate name="SampleCertificate" storeLocation="LocalMachine" storeName="CA" />
<InputEndpoint name="HttpsIn" protocol="https" port="443" certificate="SampleCertificates" />
<Binding name="HttpsIn" endpointName="HttpsIn" />
Next, open your .CSCFG and add:
<Certificate name="SampleCertificate" thumbprint="9427befa18ec6865a9ebdc79d4c38de50e6316ff" thumbprintAlgorithm="sha1" />
Replace thumbprint and thumbprintAlgorithm with the one of your certificate.
Finally use Azure portal to upload the deployment package and the certificate or add it to the certificates tab. You have to export the certificate with the private key in order to work.
More details on this link: http://azure.microsoft.com/en-us/documentation/articles/cloud-services-configure-ssl-certificate/
Answering you last question: As you've upload the certificate with the package, auto scale will use this package to provision the new servers.