Windows Azure - Overview of Certificates in Azure application

Introduction:

This article is about what are certificates in Windows Azure,

Overview:

Certificates are nothing but an electronic signature which provides trusted information to the web, where certificates contains the owner information like owner name, owner email id, owner certification usage, duration of validity etc.
Windows Azure uses two types of certificates, namely:
  • Management Certificates
  • Service Certificates
Management Certificates are stored at the subscription level and are used to enable Azure using the SDK tools and these certificates are independent of any hosted services.

Service Certificates are stored at the service level and can be used by the deployed services as and when required.

Certificates used in Windows Azure can be Self Certified or can be certified from a third party as a trusted certificate. Self Certified applications are created by the owner themself, since the web browsers will not accept the certificate and we get a Security Alert message indicating the Certificate issue. But still the end users can continue to load the page by bypassing the security alert.

Certificates used in Windows Azure can be of a Public or a Private certificate Key which Azure applications uses to trust the users by loading the Private key. The certificates keys for Windows Azure are:
  • Management Certificate key (.cer Certificate file)
  • Service Certificate key(.pfx Certificate file)

Management Certificate:

This certificate requires the client connecting to the certificate to be trusted and have a private key and it provides access to the subscription of Windows Azure and this can contain x.509 v3 certificates which can have only Public keys.

Service Certificate:

This certificate provides a secure connection over the web for the application or a service over HTTPS enables process. Service certificates also uses  x.509 v3 certificates uploaded to Windows Azure and maintains the service hosted process. Service certificates as used for both SSL and Remote desktop encryption process with a private key.
Some of the primary uses of Service Certificate are as follows:
  • Encryption - RDP password encryption.
  • Server - SSL for secure web pages.
  • Mutual Authentication - WCF authentication.

Conclusion:

So in this article we have seen what exactly a Certificate means to Windows Azure and the various types of certificates to be selected based on the requirement.