Steps to install SSL Certificate on Microsoft Azure for an Application


Step 1: Buy SSL Certificate & Generate CSR

First, you must purchase the SSL Certificate from a trusted Certificate Authority such as Symantec, Comodo, GeoTrust, Thawte or RapidSSL.

After purchasing, generate the Certificate Signing Request (CSR) on your server with the correct certificate information (i.e. common name, organization, key size, etc.). Once you’re done and the corresponding private key is saved in a safe location, submit the CSR and your information to the issuing Certificate Authority for processing.

Note: When generating the CSR, select a key size of 2048 bits.

Step 2: Extract/Copy Certificate files on Server

After the validation process is completed, the issuing Certificate Authority will email you the SSL certificate in a *.zip file. Download that file and extract its contents into the directory on your server where you wish to keep your certificate files.

Step 3: Azure Service Definition & Configuration file modification

To use the SSL certificate, your application must be properly configured and an HTTPS endpoint must be added. To configure the app and add the HTTPS endpoint, you need to update the service definition and service configuration files.

Service Definition File

1. Open the service definition file in your development environment and add the Certificates section shown below inside the WebRole element.

<WebRole name="CertificateTesting" vmsize="Small">
  ...
  <Certificates>
    <Certificate name="SampleCertificate"
                 storeLocation="LocalMachine"
                 storeName="Symantec" />
  </Certificates>
  ...
</WebRole>

The Certificates section specifies the name of the certificate, the name of the store, and the location of the certificate.

2. In the service definition file, to enable HTTPS, add an InputEndpoint element inside the Endpoints section using the following code.

<WebRole name="CertificateTesting" vmsize="Small">
  ...
  <Endpoints>
    <InputEndpoint name="HttpsIn" protocol="https" port="443"
                   certificate="SampleCertificate" />
  </Endpoints>
  ...
</WebRole>

3. To map the endpoint to an HTTPS binding, add a Binding element within the Sites section using the following code.

<WebRole name="CertificateTesting" vmsize="Small">
  ...
  <Sites>
    <Site name="Web">
      <Bindings>
        <Binding name="HttpsIn" endpointName="HttpsIn" />
      </Bindings>
    </Site>
  </Sites>
  ...
</WebRole>

Service Configuration File

Open your service configuration (CSCFG) file “ServiceConfiguration.Cloud.cscfg” and add a Certificates section inside the Role element, as in the following code. The Role name must match the name of the WebRole in the service definition file.

<Role name="CertificateTesting">
  ...
  <Certificates>
    <Certificate name="SampleCertificate"
                 thumbprint="9427befa18ec6865a9ebdc79d4c38de50e6316ff"
                 thumbprintAlgorithm="sha2" />
  </Certificates>
  ...
</Role>

Note: Replace the thumbprint value with the thumbprint of your own certificate, and keep thumbprintAlgorithm as SHA-2.
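
The edits in Step 3 only take effect if the names line up across both files. The following added example (not from the original article) cross-checks them in Python; the function names, the constructed sample XML and the 40-hex-character thumbprint format (the length of the sample value above) are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

THUMBPRINT_RE = re.compile(r"[0-9A-Fa-f]{40}")  # assumption: 40 hex chars, like the page's sample

def _parse(xml_text):
    """Parse XML and strip namespaces so elements match by local name."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root

def check_https_config(csdef_xml, cscfg_xml):
    """Return a list of inconsistencies between the two files (empty list = consistent)."""
    problems = []
    cfg_roles = {r.get("name"): r for r in _parse(cscfg_xml).iter("Role")}
    for role in _parse(csdef_xml).iter("WebRole"):
        name = role.get("name")
        declared = {c.get("name") for c in role.iter("Certificate")}
        bound = {b.get("endpointName") for b in role.iter("Binding")}
        if name not in cfg_roles:
            problems.append(f"{name}: no <Role> with this name in the .cscfg")
            continue
        thumbs = {c.get("name"): c.get("thumbprint", "") for c in cfg_roles[name].iter("Certificate")}
        for ep in (e for e in role.iter("InputEndpoint") if e.get("protocol") == "https"):
            ep_name, cert = ep.get("name"), ep.get("certificate")
            if cert not in declared:
                problems.append(f"{ep_name}: certificate '{cert}' is not declared in the .csdef")
            if ep_name not in bound:
                problems.append(f"{ep_name}: no <Binding> maps this endpoint to a site")
            if cert not in thumbs:
                problems.append(f"{ep_name}: certificate '{cert}' has no entry in the .cscfg")
            elif not THUMBPRINT_RE.fullmatch(thumbs[cert]):
                problems.append(f"{ep_name}: thumbprint for '{cert}' is not 40 hex characters")
    return problems

# Constructed sample files, trimmed to the elements and attributes the checks read.
CSDEF = """<ServiceDefinition><WebRole name="CertificateTesting">
  <Sites><Site name="Web"><Bindings>
    <Binding name="HttpsIn" endpointName="HttpsIn" /></Bindings></Site></Sites>
  <Endpoints><InputEndpoint name="HttpsIn" protocol="https" certificate="SampleCertificate" /></Endpoints>
  <Certificates><Certificate name="SampleCertificate" /></Certificates>
</WebRole></ServiceDefinition>"""
CSCFG = """<ServiceConfiguration><Role name="CertificateTesting"><Certificates>
  <Certificate name="SampleCertificate" thumbprint="0123456789ABCDEF0123456789ABCDEF01234567" />
</Certificates></Role></ServiceConfiguration>"""

if __name__ == "__main__":
    print(check_https_config(CSDEF, CSCFG) or "consistent")
```

A thumbprint pasted from the Windows certificate dialog can carry spaces or an invisible leading character; this check reports either as a malformed thumbprint.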

Step 4: ‘Package and Certificate’ Upload

Now that your HTTPS endpoint has been added and the deployment package updated, use the Azure Management Portal to upload the package and certificate.

1. Open your Azure Management Portal and log in.

2. Click on New ≫ Cloud Service ≫ Customer Care.

3. In the Create a Cloud Service section, enter the values for URL, region/affinity group, and subscription. Make sure “Deploy a cloud service package now” is checked.

4. Click Next.

5. In the Publish your cloud service field, enter the Deployment Name, browse to your package and configuration locations, select PRODUCTION as the environment, and then press Next. Make sure the ‘Add certificates now’ and ‘Deploy even if one or more roles contain a single instance’ options are checked.

6. The Add certificate dialog will display; here you need to enter the location of your SSL certificate and its password. Then click Attach Certificate.

7. In the ATTACHED CERTIFICATES field, your SSL certificate will be listed.

8. To create your cloud service, click the Complete button.

9. Once the deployment reaches the Ready status, you’ll be able to move on to the next step.

Step 5: Connect to the role instance by making use of HTTPS

Your deployment is now ready and actively running on Azure, which means you can connect to it via HTTPS.

1. In your Azure Management Portal, select the deployment you have created and then click the URL located under SITE URL.

2. Now in your web browser, modify the URL from HTTP to HTTPS and press enter to visit the page.

Note: If you want to use SSL for a staging deployment instead of a production deployment, you’ll first need to determine the URL used for the staging deployment. Deploy your cloud service to the staging environment without including a certificate or any certificate information. Once deployed, you can determine the GUID-based URL, which is listed in the management portal’s Site URL field. Create a certificate with the common name (CN) equal to the GUID-based URL (for example, 32818777-6e77-4ced-a8fc-57609d404462.cloudapp.net), use the management portal to add the certificate to your staged cloud service, add the certificate information to your CSDEF and CSCFG files, repackage your application, and update your staged deployment to use the new package and CSCFG file.


Author

Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24/7 security teams.
