associated with HTTPS input endpoint Httpsin does not contain private key

    Question

  • Guys, I am having the below error on deployment:

    Certificate with thumbprint 1D5B3DEF207B70C7426953315A8C06EB38E50FAA associated with HTTPS input endpoint Httpsin does not contain private key./nOperation Id: 766f42d4-384f-41d9-9878-34b86097805f

    Is this a known error or a unique one?

    Friday, February 03, 2012 12:44 AM


All replies

  • Hi,

    There are two kinds of certificate when you deploy a Windows Azure application. The .cer certificate does not contain a private key and it can be generated by the X509Certificate2 class; it is used when you publish the roles on the Windows Azure Platform. You can try it by right-clicking the solution and using the "Publish" button; it requires you to have a .cer file.

    http://blog.aswinboy.net/?p=383

    The other certificate is the .pfx file. The .pfx file is used for the SSL certificate and it has a private key. You can create it with the Microsoft Management Console or just convert the existing .cer certificate to .pfx. Your work is only to add a private key.

    http://www.ehow.com/how_8586664_convert-cer-pfx.html

    I guess here you need a .pfx certificate, not a .cer one.

    Hope it can help you.


    Please mark the replies as answers if they help or unmark if not. If you have any feedback about my replies, please contact msdnmg@microsoft.com Microsoft One Code Framework
    • Marked as answer by tgbrkug Friday, February 03, 2012 11:10 AM
    Friday, February 03, 2012 9:29 AM
    Moderator
  • Hi,

    Here is what I did:

    I created the self-signed cert with the following command:

    makecert -sky exchange -r -n "CN=<foo2.foo.cc>" -pe -a sha1 -len 2048 -ss My "foo2.foo.cc.cer"

    Then I used the following PS command to convert it to .pfx:

    $c = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("c:\azure\certs\foo2.foo.cc.cer")
    $bytes = $c.Export("Pfx","password")
    [System.IO.File]::WriteAllBytes("c:\azure\certs\foo2.foo.cc.pfx", $bytes)
    


    Then I uploaded that .pfx to my Windows Azure hosted service and after it finished the upload, it gave me a thumbprint on the right-hand side. I use that inside my configuration as follows:

    ServiceConfiguration.Cloud.cscfg

    <ServiceConfiguration serviceName="Foo.Azure" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="1" osVersion="*">
      <Role name="FooRole">
        <Instances count="2" />
        <ConfigurationSettings>
          <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="UseDevelopmentStorage=true" />
        </ConfigurationSettings>
        <Certificates>
            <Certificate name="foo2.foo.cc" thumbprint="1D5B3DEF207B70C7426953315A8C06EB38E50FAA" thumbprintAlgorithm="sha1"/>
        </Certificates>
      </Role>
    </ServiceConfiguration>


    ServiceDefinition.csdef

    <ServiceDefinition name="NavyHotel.Azure" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
      <WebRole name="FooRole" vmsize="Small">
        <Sites>
          <Site name="Web">
            <Bindings>
              <Binding name="Endpoint1" endpointName="Endpoint1" hostHeader="foo2.foo.cc" />
              <Binding name="Httpsin" endpointName="Httpsin" hostHeader="foo2.foo.cc" />
            </Bindings>
          </Site>
        </Sites>
        <Endpoints>
          <InputEndpoint name="Endpoint1" protocol="http" port="80" />
          <InputEndpoint name="Httpsin" protocol="https" port="443" certificate="foo2.foo.cc" />
        </Endpoints>
        <Imports>
          <Import moduleName="Diagnostics" />
        </Imports>
        <Certificates>
            <Certificate name="foo2.foo.cc" storeLocation="LocalMachine" storeName="My" />
        </Certificates>
      </WebRole>
    </ServiceDefinition>

    What could be the thing going wrong here?

    Friday, February 03, 2012 9:47 AM
  • Everything looks right to me here. I checked that My cert has a private key with the following script:

    dir cert:\localmachine\my | Where-Object { $_.hasPrivateKey }

    foo2.foo.cc cert is in the list.

     

    Friday, February 03, 2012 10:05 AM
  • OK, wait, maybe I used the cert from the file, not from the cert store. I am giving it a try with the one in my cert store. I checked that the file has no private key.

    • Edited by tgbrkug Friday, February 03, 2012 10:12 AM
    Friday, February 03, 2012 10:10 AM
  • Yes, please try to check your certificate file with the private key. I think your deployment steps are correct and you should not get this error message; perhaps you uploaded the wrong certificate file.

    Hope it can help you.


    Friday, February 03, 2012 10:58 AM
    Moderator
  • Yes, totally right. I was using the .cer file under my file system, not the one inside the cert store. The one under the cert store has the private key. When I deploy that to the portal, all my problems are solved.
    • Marked as answer by tgbrkug Friday, February 03, 2012 11:10 AM
    Friday, February 03, 2012 11:10 AM
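
The failure mode resolved in this thread, reproduced as an added example (not code posted by anyone in the thread): a PFX exported from a certificate loaded out of a .cer file carries no private key, while a PFX exported from the store entry does. The subject name, the password and the two function names are assumptions made for the illustration; it needs PowerShell 5 or later on Windows with the PKI module, and it creates and then deletes a throwaway certificate in the current user's store.

```powershell
# Added example: constructed names and password, throwaway self-signed certificate.
$ErrorActionPreference = 'Stop'

function Test-PfxHasPrivateKey {
    # Re-open PFX bytes the way a consumer would and report whether a key is inside.
    param([byte[]]$PfxBytes, [securestring]$Password)
    $c = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($PfxBytes, $Password)
    try { return $c.HasPrivateKey } finally { $c.Reset() }
}

function Export-StoreCertAsPfx {
    # Export from the certificate store, where the key pair lives, and refuse
    # to produce a PFX when the store entry has no private key.
    param([string]$Thumbprint, [securestring]$Password, [string]$Store = 'Cert:\CurrentUser\My')
    $c = Get-Item (Join-Path $Store $Thumbprint)
    if (-not $c.HasPrivateKey) { throw "Certificate $Thumbprint has no private key in $Store" }
    return ,$c.Export('Pfx', $Password)
}

$pw   = ConvertTo-SecureString 'constructed-password' -AsPlainText -Force
$cert = New-SelfSignedCertificate -DnsName 'demo.example.invalid' `
            -CertStoreLocation 'Cert:\CurrentUser\My' -KeyExportPolicy Exportable
try {
    # What the thread did: load the public .cer bytes, then Export('Pfx').
    $cerBytes   = $cert.Export('Cert')
    $publicOnly = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cerBytes)
    $badPfx     = $publicOnly.Export('Pfx', $pw)

    # What fixed it: export the store entry that holds the key.
    $goodPfx    = Export-StoreCertAsPfx -Thumbprint $cert.Thumbprint -Password $pw

    [pscustomobject]@{ Source = '.cer file';  Thumbprint = $publicOnly.Thumbprint
                       HasPrivateKey = Test-PfxHasPrivateKey $badPfx $pw }
    [pscustomobject]@{ Source = 'cert store'; Thumbprint = $cert.Thumbprint
                       HasPrivateKey = Test-PfxHasPrivateKey $goodPfx $pw }
} finally {
    Remove-Item $cert.PSPath -DeleteKey   # delete the throwaway certificate and its key
}
```

Both rows show the same thumbprint, because the thumbprint is a hash of the certificate alone; a matching thumbprint after upload therefore says nothing about whether the private key came along.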