Export SSL certificate to PFX and add to Azure Web Apps

The article is a short guide or even a small cheat sheet for activating your SSL certificate to Azure Web Apps.

The article is not about what SSL certificates are for assuming that you already know. Also for more detail tutorial, you can check out Microsoft article called Bind an existing custom SSL certificate to Azure Web Apps.

When you purchase SSL certificate from a Certificate authority (CA), you are receiving the certificate and the private key. They could be and just plain text within an email or files that can open with any text editor for example Notepad.

The certificate or a chain of certificates begin and end with the following format:

-----BEGIN CERTIFICATE-----
<long string>
-----END CERTIFICATE-----

Additionally, you are receiving a private key in a separate file or email with a similar format:

-----BEGIN PRIVATE KEY-----
<long string>
-----END PRIVATE KEY-----

Different platforms support different formats for SSL certificates like .cer, .pfx, .pvk or in plain text. In this case Azure requires PFX.

Creating PFX file

1. Download the latest Third Party OpenSSL Distribution. I found the link from the OpenSSL wiki. At the time I am writing the article the newest OpenSSL for Windows is OpenSSL-1.0.2n-x64_86-win64.zip.

2. Extract the archive in a preferred location.

3. The certificate usually is composed of a couple of long strings, and you need to merge them into one file.

   • Create new file merged.crt with a text editor and save it into the OpenSSL distribution folder.
   • Put all the certificates into merged.crt. The content should look like something like:

   -----BEGIN CERTIFICATE-----
   <long string>
   -----END CERTIFICATE-----
   -----BEGIN CERTIFICATE-----
   <long string>
   -----END CERTIFICATE-----
   -----BEGIN CERTIFICATE-----
   <long string>
   -----END CERTIFICATE-----

4. Create new file private.key with a text editor and save it into the OpenSSL distribution folder.

   • Put the private key content into the file. The content should look like something like:

   -----BEGIN PRIVATE KEY-----
   <long string>
   -----END PRIVATE KEY-----

5. In OpenSSL distribution folder open openssl.exe as administrator.

6. Run the following command:
   pkcs12 -export -out myserver.pfx -inkey private.key -in merged.crt

7. You will be prompted to create a password and to confirm it.

8. The PFX file is created into the OpenSSL distribution folder.

Activating SSL certificate in Azure

1. Open Azure Portal and navigate to your web app.
2. Choose SSL certificates from the left navigation.
3. Click Upload Certificate and select the myserver.pfx file.
4. Type the same password you have created for the PFX file and then click the Upload button.
5. To bind the certificate with a domain, you need to click on Add binding.

These are the steps you need to take when binding your SSL certificate with your domain through Azure. If you need a more detailed guide, I recommend Microsoft article mentioned above Bind an existing custom SSL certificate to Azure Web Apps.