Web Role – Generate and Install certificate

Web role is a fully managed platform-as-a-service(PaaS) to host web application in the cloud. It is indeed one of the oldest PaaS offerings in Microsoft Azure portfolio. Besides the web role, Azure App service and virtual machine can also host web application but there are subtle differences among them. In order to decide which one and when to use, check the guidelines published here.
In general, the web application requires secure data transmission(SSL/TLS) over the network wire. The web application uses SSL certificate to secure the data transfer. You can create the SSL certificate using makecert command or procure it from the certificate issuing authority(CA). It is a common practice to use SSL certificate for the application in live environment to minimize the data theft.

Install SSL Certificate to web role

There is a simple process to install SSL certificate for web role. Web role has a Certificates section to install the SSL certificate (.pfx or .cer file). It is a two step process. First of all, you upload the certificate to the Certificates section and then update the certificate thumbprint in the service configuration file.

Generate SSL Certificate for web role

The CA needs a new CSR to generate the certificate. You can use the development machine(with IIS installed) to generate the CSR. Please remember to use the same machine to create the pfx file. Open IIS from the machine and select “Server Certificates” and “Create Certificate Request“. Consequently the following dialog comes up and fill it with the proper information.
Once done, it would ask to save the CSR file in the local machine and send it to the CA. The CA will process the request and return the .p7b/.cer file. Upon receiving the .p7b file, open the IIS in your local machine and select “Server Certificates” and “Complete Certificate Request” to generate the .pfx format. The web role Certificates section can accept the .pfx file to upload. Additionally, the steps are shown in the flowchart below