This is a step-by-step process of how I secure a web application in Microsoft Azure by applying a security certificate. I have completed the SSL process many times, but previously my memory has failed me and I have took the wrong steps in applying the certificate to a web application. Hopefully this will be useful to someone, but I know it will be my documentation to fall back on everytime I apply a security certificate to a web application.
The purpose of a security certificate is to keep data sent across the internet encrypted. From the client's computer to the destination server, there will be multiple nodes the data will travel through and your data could be exposed or readable if not secured. When an SSL certificate is used, the information becomes unreadable except for the requested server. SSL Certificate provides encrption, but it also provides authentication, trust, and PCI compliance.
First, I purchased a SSL certificate from GoDaddy and my control panel gives me the option to set up the certificate. Click the Set Up button.
After confirming the setup, your control panel will update and select the Manage button.
Next, I have to provide a Certificate Signing Request (CSR). This is a message that I will generate from my computer using IIS Manager and send to GoDaddy.
Open IIS Manager by typing "IIS" in the windows search. Click on "Server Certificates" and then on "Create Certificate Request."
Enter the requested information and click the next button.
Select "Microsoft RSA SChannel Cryptographic Provider" and a bit lenth of "2048".
Finally, select where you want to save the CSR file.
Now it's time to provide GoDaddy with the certificate request. Navigate to the directory where you saved the cert.txt file and open it. Copy all of the content and paste it in the GoDaddy CSR textbox, then click "Request Certificate".
Give GoDaddy a few minutes to process the request.
Once GoDaddy issues the certificate, click on the domain name to view the details, then click "Download".
Select "IIS" as the server type and click the "Download Zip File" button.
First, unzip the file. Next, within IIS and under "Server Certificates", click "Complete Certificate Request."
Navigate to the unzipped files directory. For the file type dropdown, select *.* which will display all files. Next, select the .crt file.
Give the certificate a friendly name and click the "Ok" button to finish.
The certificate is now registered in my local IIS.
Next, right click on the .p7b file that was included in the GoDaddy zip file and choose "Install Certificate."
The Certificate Import Wizard will walk through a few simple steps and click the "Finish" button.
Now it's time to export the certificate as a .pfx file so we can upload to Azure. Within IIS, right click on the imported certificate and select "Export."
Provide a file path to save the .pfx file. Create a password, this will be used to upload on Azure.
Done. Now it is time to upload to Azure.
Log into the Azure portal and select the resource group that contains the web application which the SSL certificate will be applied.
Click on "SSL Certificates" and "Upload Certificate."
Locate the .pfx file and enter the password created during the export certificate process, then click "Submit."
With the correct password and .pfx file, the certificate will display in the list. Click on "Add binding."
Next, let's bind the certificate to the assigned web application. Select the hostname, certificate, SSL Type, then click "Add Binding."
That's it. After the certificate is successfully binded to the domain, it will appear on the SSL list.
The web application will now send encrypted data from the server to the client.