To install SSL Certificate on Microsoft Azure for an Application, please perform the following steps:


Step 1: Buy SSL Certificate & Generate CSR


First, you must purchase the SSL Certificate from a trusted Certificate Authority such as Symantec, Comodo, GeoTrust, Thawte or RapidSSL.

After purchasing, proceed with generating the Certificate Signing Request (CSR) on your server with the correct certificate information (i.e. common name, organization, key size, etc.). Once you’re done and the corresponding private key is saved in a safe location, continue with generating the certificate with the CSR and submit your information to the issuing Certificate Authority for processing.

Note: While generating CSR please select encryption as 2048 bit.


Step 2: Extract/Copy Certificate files on Server

After the validation process is completed, the issuing Certificate authority will email you the SSL certificate in a *.zip file. Download that file and extract all on your server directory where you wish to save all your certificate files.


Step 3: Azure Service Definition & Configuration file modification

To use the SSL certificate, your Application must be properly configured and the HTTPS endpoint is added. In order to configure the app & add HTTPS endpoint, you need to update the service definition and configuration file.


Service Definition File

1. Open the service definition file in your development environment and add the Certificates section below using WebRole tag.

<WebRole name="CertificateTesting" vmsize="Small">
<Certificate name="SampleCertificate"
storeName="Symantec" />


Here in this Certificates section, you can find the name of the certificate, name of the store, and the location of the certificate.


2. Here, in service definition file; to enable HTTPS, you need to add InputEndpoint element inside the Endpointsection using the following piece of Code.

<WebRole name="CertificateTesting" vmsize="Small">
<InputEndpoint name="HttpsIn" protocol="https" port="443"
certificate="SampleCertificate" />


3. To map the endpoint with HTTPS binding, you need to add Binding element into site section using following piece of code.

<WebRole name="CertificateTesting" vmsize="Small">
<Site name="Web">
<Binding name="HttpsIn" endpointName="HttpsIn" />


Server Configuration File

Open your service configuration (CSCFG) file “ServerConfiguration.Cloud.cscfg” and add a certificate section using Root tag, copy following piece of code.

<Role name="Deployment">
<Certificate name="SampleCertificate"
thumbprintAlgorithm="sha2" />

Note: Replace the thumbprint value with your value here, and keep thumbprintAlgorithm as Sha2.


Step 4: ‘Package and Certificate’ Upload

Use Azure Management Portal to Upload Package and Certificate. Your HTTPS endpoint has been added & deployment package updated.

1. Open your Azure Management Portal and Login

2. Click over New ≫Cloud Service ≫Customer Care

3. Now in the Create a Cloud Service section, enter the values of URL, region/affinity group, and subscription. Please make sure the “Deploy a cloud service package now” is checked.

4. Now click the Next

5. In the Publish your cloud service field, enter Deployment Name, browser your package & configuration location, select PRODUCTION as environment and then press the Next Make sure ‘Add certificates now´&‘Deploy even if one or more roles contain a single instance’ options are checked.

6. Add certificate dialog will display; here you need to enter the location of you SSL certificate and its password. Now click the Attach Certificate

7. In ATTACHED CERTIFICATES field your SSL certificate will be listed.

8. Now to create your cloud service click on the complete button

9. Once the deployment reaches to the ready status you’ll be able to move on to the next step.


Step 5: Connect to the role instance by making use of HTTPS

Now your deployment is ready & actively running on Azure which means you can connect to it via HTTPS.

1. In your Azure Management Portal, select the deployment you have created and then click the URL located under SITE URL.

2. Now in your web browser, modify the URL from HTTP to HTTPS and press enter to visit the page.


Note: If you want to use SSL for a staging deployment instead of a production deployment, you’ll first need to determine the URL used for the staging deployment. Deploy your cloud service to the staging environment without including a certificate or any certificate information. Once deployed, you can determine the GUID-based URL, which is listed in the management portal’s Site URL field. Create a certificate with the common name (CN) equal to the GUID-based URL (for example,, use the management portal to add the certificate to your staged cloud service, add the certificate information to your CSDEF and CSCFG files, repackage your application, and update your staged deployment to use the new package and CSCFG file.

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles


Resolution If you have downloaded or received the Code Signing Certificate for Sun Java...


The following instructions help you get started. If you need more information, contact your...

Can you help me with Installing?

Of course we can, we are the SSL experts. You have 2 options: 1) You can contact our support team...

What's the type of Server I Have?

You will need to contact your hosting provider or System Administrator to find out the details...

What is Failed Security Review (FSR)?

It means that your order has been marked for an additional security review by GeoTrust. As part...

Powered by WHMCompleteSolution