Background: I need to test an https endpoint for a WebRole on Windows Azure. For that I need to upload a self-signed certificate, add the certificate's thumbprint to the WebRole's configuration and finally associate the endpoint with that configured certificate.
I created a self-signed certificate using makecert.exe, which is available through the Visual Studio Command Prompt. I used the following command:
makecert.exe -r -pe -n "CN=test.cloudapp.net" -sky exchange -ss my -len 2048 test.pfx
The command succeeds and I can upload the certificate file to the Windows Azure hosted service. But deployment of the WebRole fails with the following error:
Certificate with thumbprint 6AB... associated with HTTPS input endpoint Endpoint2 does not contain private key.
I have to export the certificate from the my store, and choose to include the private key and provide a password. If I upload this exported certificate file and use its thumbprint, then deployment succeeds.
I want to create a certificate file that includes the private key, without first saving the certificate to any store and exporting it from the store. Is that possible using makecert.exe?
To create a certificate without saving it to any store you'll need to use pvk2pfx.exe (available through the Visual Studio Command Prompt).
It works like this:
Running makecert.exe will aks you for a password for the private key. You'll need to enter that password for the -po argument of the pvk2pfx.exe command.
Finally you'll have a pfx file (containing private key) named MyPFX.pfx