Certificate error when deploying DotNetNuke on Windows Azure
After a busy January I’m back to write some pending entries that I promised to some people. There are lots of things to tell after the DNN-Cloud session at the DNN Europe Task Force Meeting 2012: how to upgrade a DNN version on Windows Azure, how to do backup and restore operations, how to move an instance from on-premises to Azure and vice versa, etc., so let’s start one by one.
To begin, let’s see how to solve a typical error when deploying DNN on Windows Azure, since at least 4 people have asked me how to fix it in the past two weeks. The error message appears when you deploy the package on a service, and means that the certificate specified in the service configuration file is not configured on the Windows Azure service:
“The certificate with thumbprint ‘XXXXXXXXXX’ is missing for hosted service ‘YYYY’. Please install the certificate for this hosted service.”
This is because the certificate was not uploaded correctly. It is used to encrypt communications when using RDP or Windows Azure Connect (Virtual Network).
NOTE: in future versions of the DNN Azure Accelerator this problem will be fixed by using another method for uploading the package, based on the Windows Azure publishing settings. Meanwhile, you have to upload the certificate to Azure manually as specified below.
The error refers to the certificate used in the DNN Azure Accelerator to configure RDP. The wizard does show a text indicating that you have to upload this certificate to the hosted service on Azure, but there is not much help on how to do this: although the Accelerator currently generates the certificate automatically as a “.cer” file in the wizard folder, it must be imported into Windows Azure as a “.pfx” file.
How to export the certificate in PFX format?
To export the certificate in PFX format from the DNN Azure Accelerator wizard RDP step, follow these steps:
- Click “View…” to see the certificate that the wizard has generated.
- Go to the “Details” tab. In the certificate properties, we can see the “Thumbprint” of this certificate, which is precisely the one referred to by the error and stored in the service configuration file.
- Click “Copy to File…” to open the export wizard, and indicate that you want to export the private key. This is mandatory for exporting in PFX format.
- In the next step, select the “PFX” format and activate the check boxes for “Include all certificates in the certification path if possible” and “Export all extended properties”. Uncheck the box “Delete the private key if export is successful”, as it deletes the key from your local computer’s certificate store, not from the exported file.
- In the following steps, specify a password to be used while importing into Azure and finally a filename for the certificate.
With this we have exported the PFX file.
How to import the certificate on Azure?
This step is very well documented on numerous websites and in Windows Azure’s help, but here it is again so that you don’t have to open another page, and for printing purposes (remember to save the trees!):
- Open the Windows Azure Administration console and access the hosted service settings, selecting the certificates folder of the service you want to configure.
- Press the “Add Certificate…” button to upload the “PFX” file that we have exported, typing the password used before.
Once that is done, we can see that the certificate was successfully uploaded and that in the certificate details the “Thumbprint” is also there.
I closed the Accelerator and now I do not know how to re-export the certificate
It may happen, or at least that’s what happened to those who asked me about this problem, that you forget to export the certificate in PFX format when using the DNN Azure Accelerator. Is there another way to export it if I closed the wizard and/or deleted the “.cer” file that was created in the wizard folder?
There are several methods to accomplish that, but to keep it simple, the shortest is:
- In a command line console, type “certmgr.exe” to open the certificates management console, and go to the folder “Personal\Certificates”.
- If you remember the “FriendlyName” that you used in the DNN Azure Accelerator, select that certificate. If you don’t, or you are not sure which certificate you used in the wizard, you will have to open them one by one and select the one whose “Thumbprint” property matches the error message (the property is on the Details tab page).
- Right-click it and choose “All Tasks > Export…” to start the export process described in the previous section.
With this, once we have exported and loaded the certificate in the same way as indicated in the previous steps, we can deploy our service without problems.
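The same re-export can be scripted instead of opening certificates one by one. The following is an added example, not part of the DNN Azure Accelerator or of the original post: it locates the certificate by the thumbprint from the error message and writes a password-protected PFX. The script name, the output file name and the choice to search both “Personal” stores are assumptions; `Export-PfxCertificate` requires the PKI module (Windows 8 / Server 2012 or later).

```powershell
# Export-RdpCertificate.ps1 (hypothetical script name; added example)
param(
    # Thumbprint exactly as shown in the deployment error message
    [Parameter(Mandatory)] [string] $Thumbprint,
    # Hypothetical output file name
    [string] $OutFile = ".\dnn-rdp-certificate.pfx"
)

# A thumbprint copied from the certificate "Details" tab often carries spaces
# or an invisible leading character, which makes a lookup silently fail.
# Keep the hex digits only.
$clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($clean.Length -ne 40) {
    throw "Expected a 40-hex-digit SHA-1 thumbprint, got $($clean.Length) digits."
}

# "Personal\Certificates" in certmgr is Cert:\CurrentUser\My; the machine
# store is searched too in case the certificate was created there (assumption).
$cert = Get-ChildItem -Path Cert:\CurrentUser\My, Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $clean } |
    Select-Object -First 1
if (-not $cert) {
    throw "No certificate with thumbprint $clean found in the Personal stores."
}

# A PFX must contain the private key. If only the public part is left on this
# machine, the RDP certificate has to be regenerated instead.
if (-not $cert.HasPrivateKey) {
    throw "Certificate '$($cert.Subject)' has no private key on this machine."
}

# The password protects the private key inside the file and is typed again
# when adding the certificate to the hosted service.
$password = Read-Host -Prompt "Password for the PFX file" -AsSecureString

# BuildChain corresponds to "Include all certificates in the certification
# path if possible". The cmdlet never removes the key from the local store,
# and it fails if the key was created as non-exportable.
Export-PfxCertificate -Cert $cert -FilePath $OutFile `
    -Password $password -ChainOption BuildChain | Out-Null

"Exported '{0}' ({1}) to {2}" -f $cert.Subject, $cert.Thumbprint, $OutFile
```

Delete the PFX file from disk once it has been uploaded to the hosted service, since it contains the private key.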
Hope this helps. More tomorrow!