Introduction
You created your Azure WCF RESTful service, uploaded it to Azure, tested it and you're ready for production, but you don't want to work over the open HTTP protocol and want a secure HTTPS connection. I thought the change would be pretty simple: change the binding from webHTTPBinding to something like webHTTPSBinding. But the reality is a little different. To make my RESTful service work over HTTPS I had to play with it a little, read dozens of different articles and compile something that finally worked for me. Below is my version of how to change the default HTTP protocol configured in an Azure service to HTTPS.
Steps
- We need to create a certificate. For this we can use a third-party vendor that provides certificates, or we can create one ourselves using Windows tools. I chose the second option. For this you need to run the developer command prompt from the VS tools. NOTE: the command prompt should be run as administrator.
- When the console is open, run the following command to create the certificate:
makecert -r -pe -n CN=ispeakSSLCert -sky signature ispeakSSLCert.cer -sv ispeakSSLCert.pvk
In this command ispeakSSLCert is the name I chose for the certificate. It correlates with my cloud application name: ispeak
When the command runs, it creates the certificate and asks you for a password for the key:
And verifies it
When everything is done you'll see "succeeded" in the console
- In the next step we create the .pfx file, which is the actual storage for the certificate. For this we run the next command, using the password from the step above:
pvk2pfx -pvk ispeakSSLCert.pvk -spc ispeakSSLCert.cer -pfx ispeakSSLCert.pfx -pi the-password-you-used
If you don't see any errors at this step, it means you've succeeded
- Next, open C:\Windows\SysWOW64 (if you're using 64-bit Windows 8) or C:\Windows\System32 (if you're using 32-bit Windows 8) and you'll see the files
- Now let's install our certificate on the local system by double-clicking the .cer file:
- You can run the command certmgr.msc to open the certificate management application, where you can see your certificate
- Next, in Visual Studio, navigate to the web role properties:
- In the properties window open Certificates and press "Add Certificate"
- Give the certificate a name, select "Local Machine" for the store location, select "My" for the store name, and click "…" in the thumbprint part to select the certificate we've created from the list
- After the certificate is added we also need to add an HTTPS endpoint.
- After all these things are configured, make sure that your ServiceConfiguration.Local and ServiceConfiguration.Cloud files contain a certificates section, as shown below for my example:
<Certificates>
<Certificate name="iSpeakCerfificate" thumbprint="7631B8220A6A7C4BE63A752F0FE59F00A5E61030" thumbprintAlgorithm="sha1" />
</Certificates>
- You should also check the service definition file for a section with certificates:
<Certificates>
<Certificate name="iSpeakCerfificate" storeLocation="LocalMachine" storeName="My" />
</Certificates>
- Now the most important part: make sure your binding contains <security mode="Transport" />
- That's it. After all these things were done I was able to run my service via HTTPS and HTTP with 2 endpoints at the same time:
At the moment both my endpoints are opened using the same binding, and because of this the HTTP one doesn't work, due to the change in security mode. I've removed the HTTP binding from my solution altogether and work only via HTTPS.
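The binding step above, sketched as a Web.config fragment. This is an added example, not configuration from the original post: the service, contract, binding and behavior names are hypothetical placeholders. It shows why an HTTP endpoint that shares the binding stops working: with Transport security the binding only listens on an https address.

```xml
<!-- Added example: Web.config for an HTTPS-only WCF REST service.
     All names below (ISpeak.Service, ISpeak.IService, secureRestBinding,
     restBehavior) are hypothetical and must match your own project. -->
<system.serviceModel>
  <bindings>
    <webHttpBinding>
      <!-- webHttpBinding defaults to security mode="None", i.e. plain HTTP
           with no TLS. Transport requires HTTPS for every endpoint that
           references this binding configuration. -->
      <binding name="secureRestBinding">
        <security mode="Transport" />
      </binding>
    </webHttpBinding>
  </bindings>
  <behaviors>
    <endpointBehaviors>
      <!-- webHttp enables the REST (UriTemplate) programming model. -->
      <behavior name="restBehavior">
        <webHttp />
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <services>
    <service name="ISpeak.Service">
      <!-- Single HTTPS endpoint. Do not point an http:// endpoint at
           secureRestBinding: the scheme will not match and it will fail. -->
      <endpoint address=""
                binding="webHttpBinding"
                bindingConfiguration="secureRestBinding"
                behaviorConfiguration="restBehavior"
                contract="ISpeak.IService" />
    </service>
  </services>
</system.serviceModel>
```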