As I wrote earlier this week, the Silverlight-based Management Portal may be the best feature of Azure’s 1.3 release. It is a handsome UI, Azure components are far easier to access, and (most importantly) the amount of time required for common tasks is sharply reduced.
This post is only partly about the Management Portal, however. The certificate generating code in the Azure Tools for VS 2010 is also involved.
Although it’s nice to be able to create the necessary management certificate from within Visual Studio, the resulting certificate naming is confusing. The following dialog shows an existing certificate and the selection for creating a new certificate.
When this tool creates a certificate, it sets the Friendly Name you entered and sets Issued By to Windows Azure Tools. No big deal, right? Right – until you add the certificate via the Azure Portal….
This view of the portal shows the Management Certificates, but you can’t really tell which is which. For example, which of the two certificates corresponds to the one with Friendly Name: Deployment Credentials in the Azure Tools dialog? You really can’t tell unless you are able to distinguish them by their thumbprints or validity dates. Why doesn’t Deployment Credentials appear in one of the fields? Well, let’s take a quick look at the certificate in Certificate Manager (certmgr.msc).
When Azure Tools created the certificate, it set Windows Azure Tools in the Issued To and Issued By fields. The name I provided the tool appears in the Friendly Name field. I’m glad that I can distinguish the certificate in my local store with the friendly name, but it’s only known in my local store. That’s the problem: Friendly Name is not part of the certificate; it’s metadata associated with the certificate, and only locally.
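The point above can be checked directly in PowerShell. The following is an added example, not code from the original post or from the Azure Tools; it assumes the management certificates are in the current user's Personal store (Cert:\CurrentUser\My), the store that certmgr.msc shows. It rebuilds each certificate from its raw bytes, which is what a .cer upload contains, and compares what survives.

```powershell
# Added example: Friendly Name is a local store property, not part of the certificate.
# Assumption: the certificates of interest are in Cert:\CurrentUser\My.
$sha1 = [System.Security.Cryptography.SHA1]::Create()

Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    # RawData is the DER-encoded certificate, i.e. the bytes a .cer export carries.
    # Loading those bytes creates a certificate object with no link to the local store.
    $fromBytes = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
        -ArgumentList (,$_.RawData)

    # The thumbprint is the SHA-1 hash of the encoded certificate, so it is
    # identical in the local store and anywhere the certificate is uploaded.
    $hash = ($sha1.ComputeHash($_.RawData) | ForEach-Object { $_.ToString('X2') }) -join ''

    [pscustomobject]@{
        Subject             = $_.Subject          # inside the certificate (Issued To)
        Issuer              = $_.Issuer           # inside the certificate (Issued By)
        NotAfter            = $_.NotAfter         # inside the certificate
        Thumbprint          = $_.Thumbprint
        ThumbprintFromBytes = $hash               # recomputed from the raw bytes
        FriendlyNameInStore = $_.FriendlyName     # store property on this machine
        FriendlyNameInCer   = $fromBytes.FriendlyName  # what travels with the bytes
    }
} | Sort-Object Subject | Format-List
```

Subject, Issuer, validity dates and thumbprint come out of the certificate bytes themselves, while the Friendly Name is read from the local store entry, so matching a local certificate to an uploaded one has to rely on the former.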
What’s A Better Way?
Instead of using the Azure Tools to create a certificate, use the MakeCert tool. Azure only accepts certain certificates (X.509, 2k-bits, SHA1, etc.), so you have to provide a few specific parameters. Here’s a sample command line:
makecert -sky exchange -r -n "CN=<CertName>" -pe -a sha1 -len 2048 -ss My "<CertFileName>"
where CertName specifies the name you want to appear in the Name field in Management Certificates of the management portal, and CertFileName specifies where to store the certificate file on your local drive.
Now, when you upload the certificate to the management portal, you can easily distinguish the certificates.
Then, when you Publish from Visual Studio, simply choose the appropriate certificate from the list.
Admittedly, the Friendly Name isn’t set, but you have no trouble distinguishing between certificates in either Visual Studio or Azure’s Management Portal.