Windows Azure certificate with thumbprint ... is missing for hosted server StockTraderWebApp

Question

Hi,

I am having trouble deploying the web role as per page 26 of the "Microsoft .NET StockTrader 5.00 ReadMe for Windows Azure" Basically, when I try to publish using AzureStockTraderWeb_Deploy, it complains with:

Error: The certificate with thumbprint '5405D9A8AB2A303D4E772C444BC88C3B97F55F78' is missing for hosted service 'StockTraderWebApp'.  Please install the certificate for this hosted service.  Find more solutions in the Windows Azure support forum (http://go.microsoft.com/fwlink/?LinkID=206235).

I can't see anyone else with this problem.

I believe I caused this by firstly trying to perform an automatic deploy using the Publish wizard in VS2010. It asked me if I wanted to generate certificates for deployment, and I ticked the box to say yes. But now I can't do a manual deployment.

How do I get around this, or alternatively, where does that certificate reside?

Answer 1

Ok, the cause of this was ticking the "Enable Remote Desktop for all roles" when I right-click AzureStockTrader and click Package.

This modifies the ServiceConfiguration.cscfg and servicedefinition.csdef files, adding in the required certificates.

The certificates are in there and viewable, but I havein't found out how to get the certificates out of there and load them up to the site.

In fact, after unticking the "Enable Remote Desktop for all roles" check box, it didn't remove the settings.

Right-clicking Trade_WebRole, then clicking Properties does show the settings under the Settings tab, and the new certificate under the Certificates tab. But you can't seem to delete those settings or the new certificate.

If anyone can tell me how to undo that, it would be much appreciated, as I will otherwise need to delete the folder, then run a repair using the Stocktrader installer.

Answer 2

Basically, the best way to deploy the Azure apps is to first create, in Azure, a Hosted Service domain but choose Do not Deploy.  This will create an empty Hosted Service.  Next, for the Web app, you want to click on the Certificates Folder for the hosted Service, in the Win Azure Management Portal.  You will then upload two certificates, located in the \stocktrader\certs folder on the PC you installed StockTrader to.  They are:

 StockTraderWebAppSSL.pfx and StockTraderBSLClient.pfx

The password for both, when prompted during the certificate upload, is mike1#Brown.   Now you have a blank hosted service, with the required certificates and are ready to publish the AzureStockTrader Web App to this hosted service.  If you have not modified the installed VS Solution, you want to open the AzureStockTrader Solutioin (Web app), and build the solution.  Next you want to right click on the Blue Globe icon for the Azure project and choose "Package" (not Publish).  This will create a package you can separetly upload to Azure via the Azure Management Console.  It will place the package in the azurestocktrader\bin\release\app.publish or \bin\debug\app.publish depending on the build type.  Once the package operation is complete, VS should open a folder showing the correct directory.

Next, go back to the Windows Azure Management Portal, open the AzureStockTrader hosted service (which has the certificates but not a deployed app yet), and at top of management portal click "New Production Deployment".  A wizard will appear where you will browse to the local \bin\release\app.publish folder and choose the package, and then next browse/choose configuration file in the same directory.  Then click OK and the app will upload.  This way of publishing does not require any VS configuration for your Azure subscription, and remote desktop does not need to be configured (you can do both also if you wish later).

If you have changed the VS solution certificates, its important that you have the two default certificates configured in the Solution, and the correct endpoints. Right-click Trade_WebRole in VS (in the Azure project), and bring up properties. Under Certificates you should see:

1. AzureStockTraderBSLClient.Com, LocalMachine, Trusted People thumbprint is

EB0C8C302C4F5E22E4492006F1D16D01008E7826

2. AzureStockTraderWebAppSSL.Com, LocalMachine, Trusted People, thumbprint is

D5394450C339FDA0FD03A7A131CA0142BC80EE68

Next, under the Endpoints tab, make sure there is an endpoint called HttpsEndpoint, type=Input, protocol=https, port=443, and CertificateName=StockTraderWebAppSSL.Com

there should also be a second endpoint, NodeServiceEndpointHttp, type=internal, protocol=http, port=dynamic, Certificate=(none--not applicable)

-Greg

---

Greg Leake, Microsoft

Answer 3

Yes I did all that and did get it working. The issue was when I ticked the "Enable remote desktop for all roles." It added a bunch of settings and new certificates. But when I unticked the box it didn't subsequently remove them. This meant that I could no longer deploy to Azure, as the certificates weren't in Azure. Firstly, I think that's an Azure/Visual Studio issue. Once the box is ticked, I should be able to untick it and have it remove any certificates/settings that it added. Secondly, I couldn't actually work out how to publish the generated certificates to Azure. I'm sure this is also an Azure/VS issue and not a StockTrader issue, as the newly generated remote desktop certificates should be able to be uploaded to Azure, if I knew where they were. Just a theory though!

Answer 4

I found the missing certificate. I went into mmc.exe, added in Certificates, chose Current User certificates, selected the Personal\Certificates folder and the remote desktop connection certificates are there. It was just a matter of exporting the certificate then uploading it to the Azure Management Console, Certificates folder for the Hosted Service you want to provide remote desktop access to. Hope that helps someone.

Answer 5

I tried doing the same thing, but i am getting the error- "The remote access certificate does not have a private key." Finally i went to VS2010 and exported the certificate with private key and its working fine.

Is there any way we can export certificate from mmc with private key?

Answer 6

When exporting the certificate from mmc (Certificate>Details>Copy to File) the first screen of the export wizard gives you the option to include the private key.

And this worked fine for me, I used default export settings for the rest.

Answer 7

Worked for me ... Thanks :)