Unsupported content This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Create and upload management certificate for the Azure Provider

This topic describes the procedure to create and upload a management certificate for the Azure Provider. Creating and uploading a self-signed management certificate in Microsoft Azure enables your Azure Provider user account to access the Microsoft Azure cloud services. 

A Microsoft Azure account determines how Microsoft Azure usage is reported and who the account administrator is. Each account contains as few as 1 subscription or up to 50. Subscriptions help you organize access to cloud service resources, and they help you control how resource usage is reported, billed, and paid for. For more information, see Manage Microsoft Azure accounts, subscriptions, and administrative roles.

Note

As per the Microsoft Azure subscription policy, you are entitled to upload up to 100 management certificates per subscription. However, you are limited to 100 management certificates for all subscriptions under the user ID for a specific service administrator. If the user ID for the account administrator has already been used to add 100 management certificates and more certificates are needed, you can add a co-administrator to add more certificates.

Before adding more than 100 certificates, try to reuse an existing certificate. Using co-administrators adds potentially unneeded complexity to your certificate management process. For more information, see Manage Certificates in Microsoft Azure.

The following sections outline the tasks for creating and uploading a self-signed management certificate for the Azure Provider subscription account:

Recommendation

The following sections describe a typical method for creating and uploading a self-signed management certificate for the Azure Provider. However, you can follow any approved method for creating and uploading a management certificate in Microsoft Azure. For more information, see Create and Upload a Management Certificate for Microsoft Azure.

Prerequisites

Ensure that you have met the following prerequisites before you create or upload the certificate:

  1. JDK1.6.0_21 is installed on the computer to be used, and you have the keytool.exe file in the bin folder to create the certificate.
  2. Created a folder (for example, C:\Azure) in which to store the certificate file.
  3. Set the JAVA_HOME path and environment variables.
  4. Have an "Owner" role to upload a Management certificate. This role has full access to all resources including the right to delegate access to others.

Create a management certificate

You must create a self-signed management certificate, which contains the private or public key. It provides the Azure Provider user account a unique identifier to host the cloud services in the Microsoft Azure Management Portal.

To create a self-signed management certificate

  1. In the command prompt, navigate to the folder that you created to store the certificate file (for example, C:\Azure).

  2. To create a keystore, type the following command:

    string - keytool -genkeypair -alias mydomain -keyalg  RSA -keystore <Name of the keystore. For example: MicrosoftAzureKeyStore.jks> -keysize 2048 -storepass "<Password for the keystore>"
  3. Press Enter.

  4. For the following questions, enter the answers in the formats listed in the following table.

    Question

    Answer format

    What is your first and last name?

    <John Lewis>

    What is the name of your organizational unit?

    <RnD>

    What is the name of your organization?

    <Msft>

    What is the name of your city or locality?

    <Dallas>

    What is the name of your state or province?

    <Vegas>

    What is the two-letter country code for this unit?

    <NY>

  5. To confirm that the answers you entered in step 4 are correct, enter y.
  6. Press Enter.
  7. Enter the keystore password that you specified in step 2.
  8. Reenter the keystore password.
    The certificate file (for example, MicrosoftAzureKeyStore.jks) is created in the folder C:\Azure\Certificate.

Export a management certificate

Perform the following steps to export a management certificate:

  1. Navigate to the folder C:\Azure\Certificate.

  2. To export a management certificate, type the following command:

    string - keytool -v -export -file C:\Azure\Certificate\MicrosoftAzureSMAPI.cer -keystore MicrosoftAzureKeyStore.jks -alias mydomain
  3. Enter the keystore password.
  4. Reenter the keystore password.
    The certificate file (for example, MicrosoftAzureSMAPI.cer) is exported to the folder C:\Azure\Certificate.

Upload a management certificate

Perform the following steps to upload a management certificate:

  1. In your web browser, open the Microsoft Azure home page.
  2. Log on with your Microsoft Azure account credentials that has an "Owner" role.
  3. Navigate to the Microsoft Azure Settings.
  4. Click the Management Certificate tab.
  5. Click Upload.
  6. Browse and select the certificate file MicrosoftAzureSMAPI.cer.
  7. Click OK.
    The certificate file is uploaded and appears in the Microsoft Azure Management Portal.

Where to go from here

Registering-the-Azure-Provider-instance

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*