Creating and uploading a management certificate for the Azure Classic Provider

This topic describes the procedure to create and upload a management certificate for the Azure Provider. Creating and uploading a self-signed management certificate in the Microsoft Azure Classic Portal enables your Azure Provider user account to access the Microsoft Azure cloud services. 

The following sections outline the tasks for creating and uploading a self-signed management certificate for the Azure Provider subscription account:

About accounts and certificates

A Microsoft Azure account determines how Microsoft Azure usage is reported and who the account administrator is. Each account contains as few as one subscription or as many as 50. Subscriptions help you organize access to cloud service resources, and they help you control how resource usage is reported, billed, and paid for. For more information, see Manage Microsoft Azure accounts, subscriptions, and administrative roles in the Microsoft online documentation.

According to the Microsoft Azure subscription policy, you are entitled to upload up to 100 management certificates per subscription. However, you are limited to 100 management certificates for all subscriptions under the user ID for a specific service administrator. If the user ID for the account administrator has already been used to add 100 management certificates and more certificates are needed, you can add a co-administrator to add more certificates.

Before adding more than 100 certificates, try to reuse an existing certificate. Using co-administrators adds potentially unneeded complexity to your certificate management process. For more information, see Manage Certificates in Microsoft Azure in the Microsoft online documentation.

Prerequisites

Ensure that you have met the following prerequisites before you create or upload the certificate:

• Java 1.6.x and later is installed on the computer to be used, and you have the keytool.exe file in the bin folder to create the certificate.
• Created a folder (for example, C:\Azure\Certificate) in which to store the certificate file.
• Set the JAVA_HOME path and environment variables.
• Have an "Owner" role to upload a Management certificate on the Azure New Portal (Old portal has been deprecated by Microsoft). This role has full access to all resources including the right to delegate access to others.

_{Back to top}

Creating a management certificate

You must create a self-signed management certificate, which contains the private or public key. It provides the Azure Provider user account a unique identifier to host the cloud services in the Microsoft Azure Management Portal.

1. At the command prompt, navigate to the folder that you created to store the certificate file (for example, C:\Azure\Certificate).

2. To create a keystore, type the following command:

   keytool -genkeypair -alias mydomain -keyalg  RSA -keystore <Name of the 
   keystore. For example: MicrosoftAzureKeyStore.jks> -keysize 2048 
   -storepass "<Password for the keystore>"
    
   /** -keysize parameter is optional **/

3. Press Enter.

4. For the following questions, enter the answers in the formats listed in the following table.

   Question	Answer format
   What is your first and last name?	<John Lewis>
   What is the name of your organizational unit?	<RnD>
   What is the name of your organization?	<Msft>
   What is the name of your city or locality?	<Dallas>
   What is the name of your state or province?	<Texas>
   What is the two-letter country code for this unit?	<US>

5. To confirm that the answers you entered in step 4 are correct, enter y.
6. Press Enter.
7. Enter the keystore password that you specified in step 2.

8. Reenter the keystore password.
   The certificate file (for example, MicrosoftAzureKeyStore.jks) is created in the folder C:\Azure\Certificate.

   Note

   Ensure that you must copy this .jks file to your BMC Platform Manager server in the default location (<BMCCLM_HOME>\Platform_Manager) for the Azure Provider.

_{Back to top}

Exporting a management certificate

1. Navigate to the folder C:\Azure\Certificate.

2. To export a management certificate, type the following command:

   keytool -v -export -file C:\Azure\Certificate\MicrosoftAzureSMAPI.cer
    -keystore MicrosoftAzureKeyStore.jks -alias mydomain

3. Enter the keystore password.
4. Reenter the keystore password.
   The certificate file (for example, MicrosoftAzureSMAPI.cer) is exported to the folder C:\Azure\Certificate.

_{Back to top}

Uploading a management certificate

1. In your web browser, open the Microsoft Azure home page.

2. Log on to the Azure New Portal (Old portal has been deprecated by Microsoft) with your Microsoft Azure account credentials that has an "Owner" role.

3. Navigate to Microsoft Azure Settings.
4. Click the Management Certificate tab.
5. Click Upload.
6. Browse and select the certificate file MicrosoftAzureSMAPI.cer.
7. Click OK.
   The certificate file is uploaded and appears in the Microsoft Azure Management Portal.

_{Back to top}

Where to go from here

Registering the Azure Provider