Tuesday, 13 December 2016

Free SSL for all - well Azure in this case

These days secure websites are essential where private data is being passed and I came across letsencrypt.org who are issuing free certificates.

I've had fun and games before getting certificates into Azure. Using certreq and/or certmgr.msc on a windows PC being fussy about where and how the CSR was generated, after you have already obtained a .crt, trying to generate the pfx Azure wants.

Here's a relatively painless way of getting things playing nicely together,

  • zerossl.com has a simple interface for generating what's needed.
    Go to https://zerossl.com/free-ssl/#crt and fill in your email and domain and click next a few times to allow it to generate a csr.

  • Download the account-key.txt, domain-csr.txt, domain-key.txt and domain-crt.txt along the way for safe keeping.
  • Download the latest openssl for your OS here https://indy.fulgan.com/SSL/
  • Run
    openssl.exe pkcs12 -export -out myserver.pfx -inkey .\domain-key.txt -in .\domain-crt.txt
  • Upload the myserver.pfx into Azure portal in the certificates section and allocate it to the domain.


To my amazement it works a treat and as long as you put a reminder in your diary, and you renew before the certificate expires in 90 days, you'll have free secure sites.

Update: