A Guide To Install SSL Certificate For Your Website Hosted on Azure.

SSL certificates help your websites stay anonymous to hackers. They use cryptographic encryption to ensure that the communication between your web server and the user’s device remains secure. Unfortunately, increasing cyberattacks are already making website security critical for organizations.

Take an example of Microsoft’s cybersecurity scare in 2022. A collective group called Lapsus$ attacked Microsoft, claiming to infect services like Cortana, Bing, and others. They took a snapshot of the attack and posted it on the Telegram channel.

It shows that data security is essential, and you will need SSL certificates even if your website is hosted on secure cloud servers like Microsoft Azure. SSL certificates enable website security through an encryption-decryption approach. Many different types of SSL certificates are there that you can use for website security.

For example, if you have multiple subdomains, you will need more than one SSL certificate, which is where buying a low priced or cheap wildcard SSL comes into play. It allows organizations to secure multiple domains through one SSL certificate at discounted price.

However, buying a cheap wildcard SSL certificate does not guarantee website security if you have not installed it appropriately. Therefore, here is a comprehensive guide on installing an SSL certificate on your Microsoft Windows Azure server. First, let us begin by understanding the SSL certification process!

What is an SSL certificate?

Secure Socket Layer or SSL is an encryption-based digital certificate that ensures security for your website. There are two types of encryption methods like asymmetric and symmetric. SSL certificates use both asymmetric and symmetric encryption for higher website security.

Your server will send a copy of the asymmetric public key to the browser
A browser will create a symmetric session key and encrypt it with the public key provided by the server.
The browser sends the session key to the server.
All the data exchanged is encrypted and decrypted with a symmetric session key, which creates a secure communication channel.

The SSL certificate process begins with the generation of a Certificate Signing Request (CSR). Further, a certificate authority (CA) will verify your organization or business before issuing the SSL certificates.

CSR generation

CSR generation in Azure is not straightforward. Microsoft Azure is a cloud service; you can install the SSL certificate through the Azure console. Therefore, you need to generate CSR through Internet Information Services on your local machine.

Further, you will have to import an SSL certificate from the bundle provided by CA. Next, you will have to export the certificate file in the PFX extension to install it on the Azure portal. Therefore, it is essential to understand each step of the installation process. Here we will discuss all the steps, from buying a cheap wildcard SSL certificate to installation and verification.

Installation of SSL certificate on Microsoft Azure Portal

After you generate CSR, the certificate is issued. Next, you will import the certificate on the local machine and export the PFX file. Here is how to import the PFX file,

Search and open IIS on your local machine

Choose the server certificate option in the window of IIS

Click on the import option and choose the file format as the PFX file path.

Once you import that file, it will appear in the server certificates window from where you can export it. Another way to export the PFX file is to use the OpenSSL command line. However, first, you must install the OpenSSL on your local machine to create the PFX file.

Now, you can convert a PEM certificate file to a PFX extension by using the following command,

openssl pkcs12 -export -out certificate.pfx -inkey privatekey.key -in certificate.crt -certfile typo.crt

Here typo. crt is the name of the bundle provided by your CA.

Similarly, you can convert PKCS#7 into PFX or PKCS#12 format through,

openssl pkcs12 -export -out certificate.pfx -inkey privatekey.key -in certificate.crt -certfile typo.crt

Now you have the PFX file, and the next step will be to install it on the Azure portal.

Installing the certificate on the Azure portal

Microsoft Azure portal provides enhanced features for managing applications and web applications. Once you have the PFX file, open the Azure portal and log in with your credentials.

On the portal, go to your website’s tab and select the “Configure” option
You can find the “Subject“ under the Certificates option to upload the certificate
Next, choose the file from your local machine in the Browse Files option
Once you select the certificate file to upload, choose the type of SSL configuration,
IPL-based SSL is a method where your domain name is mapped with the IP address.
SNI SSL - This is an approach where multiple domain names share a single IP address, each with SSL certificates.
Once you have selected the SSL configuration, click on finish to complete the installation process.

Conclusion

SSL certificates help organizations secure their websites hosted on the cloud, virtual machines, and local servers. For example, installing the SSL certificate on your Azure servers will ensure protection against MITM (Man-in-the-middle) attacks.