Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

First obtain an Azure subscription, then generate an RSA private key and create a self-signed certificate using the key. Then register your self-signed certificate in Microsoft Azure.

Obtain a Subscription ID

Register in Microsoft Azure and obtain a subscription ID, for example.

2f301f4e-32d4-abcd-ae3a-dc0fe95f2877

Generate an RSA private key

Replace "azure_cert" and "private_key_password" with your own values.

$ openssl genrsa -des3 -passout pass:private_key_password -out azure_cert.pass.key 2048
$ openssl rsa -passin pass:private_key_password -in azure_cert.pass.key -out azure_cert.key
$ rm azure_cert.pass.key

Example

An example of these steps is:

04:03:29 ~/.ssh$  openssl genrsa -des3 -passout pass:private_key_password -out azure_cert.pass.key 2048
Generating RSA private key, 2048 bit long modulus
...........+++
............................+++
e is 65537 (0x10001)
04:03:39 ~/.ssh$ openssl rsa -passin pass:private_key_password -in azure_cert.pass.key -out azure_cert.key
writing RSA key
04:04:57 ~/.ssh$ rm azure_cert.pass.key

Generate a self-signed certificate

Generate a self-signed certificate that is signed using the generated key.

Replace "azure_cert" with your own value as above.

Openssl will prompt you for details. Azure does not use these details but some of them may be useful in identifying your certificate in the Azure portal.

$ openssl req -new -key azure_cert.key -out azure_cert.csr
$ openssl x509 -req -days 365 -in azure_cert.csr -signkey azure_cert.key -out azure_cert.crt
$ openssl x509 -in azure_cert.crt -outform der -out azure_cert.cer

An example of these steps is:

04:07:26 ~/.ssh$ openssl req -new -key azure_cert.key -out azure_cert.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:private_key_password
An optional company name []:
04:09:42 ~/.ssh$ openssl x509 -req -days 365 -in azure_cert.csr -signkey azure_cert.key -out azure_cert.crt
Signature ok
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
Getting Private key
04:10:47 ~/.ssh$ openssl x509 -in azure_cert.crt -outform der -out azure_cert.cer

Register credentials in Azure  

  1. In Azure: Upload certificate to management portal in your subscription as explained here http://msdn.microsoft.com/en-us/library/azure/gg551722.aspx
    1. Go to Settings > Management certificates
    2. Upload your azure_cert.cer file

Add credentials to your tenant 

  1. In Abiquo:
    1. Edit the enterprise and click on the Credentials tab
    2. Select Azure in the Provider combo box 
    3. Enter the Access KeyID in the format: {AZURE_SUBSCRIPTION_ID}#{CERTIFICATE} - where {CERTIFICATE} is the content of azure_cert.crt

      2f301f4e-32d4-abcd-ae3a-dc0fe95f2877#-----BEGIN CERTIFICATE-----
      MIIDszCCApugAwIBAgIJAIK3rG0KhXRoMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
      BAYTAkVTMRIwEAYDVQQIDAlCYXJjZWxvbmExEjAQBgNVBAcMCUJhcmNlbG9uYTEP
      MA0GA1UECgwGQWJpcXVvMQ8wDQYDVQQLDAZBYmlxdW8xFzAVBgNVBAMMDkRhbmll
      bCBFc3RldmV6MB4XDTE0MDgxOTA5Mjg0MVoXDTE1MDgxOTA5Mjg0MVowcDELMAkG
      A1UEBhMCRVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBAGA1UEBwwJQmFyY2Vsb25h
      MQ8wDQYDVQQKDAZBYmlxdW8xDzANBgNVBAsMBkFiaXF1bzEXMBUGA1UEAwwORGFu
      aWVsIEVzdGV2ZXowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCueyyw
      PB7AIxRVAmPFQXUgTqXRoifj8DIrcLrRTuqs/f4EtzenfJEQNPwDxChN9/VbmpGZ
      cMqsue2pJ6Dzu2IHKZgK0gfCq3c7JGuyy9FVaXkqDZJ4dQoNdVpZGs6ElFybgmMr
      UuSxPM2ZhWbRvJoiXc9nhm+Xunj9U0PSJPR6s5GLb6ij8mG/vq5Je50lBVdmVhpW
      Fs4i3idhvsNjAvyO+rgLSfey8PM1UD5rNVQn8MnT3nuq/lXGLlL97EhexZA8am5z
      asdfasdfasdfasdfasdfasdfasdfaP/CWJxd9I/hBdal0eAStKzWe3HeDiKldn+K
      /eTpeG0+TBIyZcnDAgMBAAGjUDBOMB0GA1UdDgQWBBSkF8cJnnj+i1rCfVdbFaaX
      Qlcm3zAfBgNVHSMEGDAWgBSkF8cJnnj+i1rCfVdbFaaXQlcm3zAMBgNVHRMEBTAD
      AQH/MA0GCSqGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAw5nnCNa2EIOQGG3OI
      aw+SrEqNlbAryfVsZU3IIFEixMMfuR1D1nH1dg7BFTm0auWKarkSYsI0iHcPX3PE
      ba77GZ3nCVA7GSw1lx7ZapjGTct/bmh97Z0g3CB77uJipUJh7/ZbDQ3ykAAWpJGF
      pDWvIVGZQvwPADxvMKqYc132wFOe0xHqDOgM24PuJh00uu3fpDfJodlz+nowlsTY
      Bkzd2V7Tg5nKZYZAXLmBXbIsMMdgJZEL7pTicUyHsXeRLFjPBQ5L9UDINGhLz2i5
      S0nviS/RzzMdgIpjZrpHbAN5nQPUMNxVhmxOAVHf5vTk9BKtNCd/
      -----END CERTIFICATE-----
    4. Enter the Secret access key in the format {PRIVATE_KEY_FOR _CERTIFICATE} - where {PRIVATE_KEY_FOR _CERTIFICATE} is the content of azure_cert.key

      -----BEGIN RSA PRIVATE KEY-----
      MIIEpQIBAAAAAAAAAAAAAAAARw4AN3zeAcmHUbCF1nFFYH/khWDcXIMw1w/CfBCr
      S/+s8w3JMRwaFh84nHXFKI7PEg/cBM1IkqFRqHxUR40AUU+W1EiuUROdHON06hmA
      mQ1TS5ZDAAAAAAAAAAAAAAAAAAAA+Ly7In7jyugBzN4jOc4kEF42leaeVUG40bdU
      OlytTENlNIFF4aMaY5Jgc2fEVQ2kACU0cftaks8z11WmVzy67DV0dDzaZYb1cov7
      AVC797AAAAAAAAAAAAAAAAbEa6A9wQjfqkcMcUvx7QOrGZxJGsvRqH7Rvf6MhRzn
      54tk4BNtA9lGTTm5Qb+jNcaecCGBQB7xo8dBtwIDAQABAoIBAHBHPzukZgFeo/8p
      D0vjaYz3jO/OXEamYZxmHpY0TGIVdZGBzfcjrkT41uAVkEZ9iky06P8Fz1nfU1WR
      f23i2w1ZfzV+zPy7ENQL2jQFUKWyYRvhoRaaqWzYAkMLDYytgrZZmIgbEyEa3um4
      ff5LcZOAAAAAAAAAAAAAAAAAAAAAOfIs0LNeKCUoO5VIbQR/UIymi1NWdl1ZWUIg
      Vcnrv+R/VZb5DWuq9mDyBcEO+BP1L7O0TIrAD9VU4bun9gw8WS4Tg4OkkIHhG4pP
      6epBz70VY7C4XJjPT1WxsR17JyO5QIXzNy6cshsNWucWx4aP6XaSZSN1btrEC8Dm
      263X/WECgYEA4cfkdiBbvuktWAzp091TDEqt0s4FM5G2uVbqPOUkrZ/tid6ulB4B
      FFcwFL9ST80FG3IF8eQcThIQUA3HUB9WccGk94K/j5DswIOIyZ7B1H3kSP1Wo3cK
      eM3Rkrx1nXSmQEx6cuIm1dLrz6KvwMaP4pUXcXLFBmYKCYi4JZKyXx8CgYEA0P0i
      h+qVhl4orm6np33AJtmHvSaPU6CfwkC40cDSQIzZxqir98LN7rXm2Il5JfBqIKLw
      gdrU3cyZ4izAmT6sXuXAAAAAAAAAAAAAAAAAAAAAAAcAeUUZ/RrWheARiVli8N+x
      4NrXGCcAJwpTeyeiO7Gll79FPmq/fBizctAgAmkCgYEAtnnevFXksIQ2YI53QQME
      hs+octKNQ6OF4X9MaxDrNuQlkCMIR6+EQdNBidMjDFnvwcHC6j/pXHOe+YRZTPk2
      3VObJ2tltPt1TRZBrGoBz+I7aX5O0mh4bzAxK/3itPI9F4R4Bnee2XvRmAutLgmM
      6pyCyO7wK/62KAR2h+9q+BMCgYEAqSm9IbdIgRMGaus22eR3/PpnXTwxF8gUiPBK
      qb4icg2Q2bT+PfZ5Kpgi23OrlIId5Xz+oJ25YC+U//apj2GjtMz9onAh2o3gAbHR
      cG4792uu5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUmCRYkaakycgmsxACF3v0UtN
      NcoxnsECgYEAnIV2SUYbL1uvkbD4ZsfUrO1OEOeK+cNIXQmOVndE0TOCKxYXsj5c
      PtVd7X5K2JK9Dazdg/yv0AZCEKKgxr+60LG7JgivraYeC9Ailv+3LNrTbcwRHQij
      GnTguSJUE3LHN3Rxe56QWbbgYaY7mUYUxzgvdg0U1JTbpO4fC2uF7ek=
      -----END RSA PRIVATE KEY-----
  • No labels