How to: Generate Free SSL Certificate for a domain and upload on Azure Website?

Today  I spent nearly 2 hours browsing through the Web for ways to create an SSL Certificate for Free from Let’s Encrypt. I explored letsencrypt.org  and various other websites, and landed up on one with the easiest steps. While trying others I got stuck many times in the middle as many of them have a procedure involving some Linux bash commands unclear to me or requiring some complex process. I wanted to Generate a PFX file which I can simply select and upload  to Microsoft Azure Website and it was very hectic browsing through for hours finding the right procedure.

Documentation on letsencrypt.org is very difficult to follow. In the process I came across this lovely site which facilitates simplistic steps (as on today, for me) to Generate an SSL Certificate:

SSL For Free (www.sslforfree.com)

The procedure involves OpenSSL command line tool to generate the PFX file as a final step.

First step is to enter the site domain name(s) :

SSL_For_Free__1Next is the Domain Ownership Verification:

SSL-Domain-VerificationThat’s it. On successful verification it will present you the Certificates and private key in plain text and will allow you to download them as files in a Bundle.

SSL-Generated

SSL-Generated 2

I downloaded the bundle and I got three files inside:

  • ca_bundle.crt
  • certificate.crt
  • private.key

As a final step, to generate the PFX (Personal Information Exchange) file I had to use OpenSSL command line tool which I downloaded from here:

http://slproweb.com/products/Win32OpenSSL.html

I downloaded version: “Win64 OpenSSL v1.0.2k” from the available list as my machine is 64-bit. If you have a 32-bit machine, go for a 32-bit binary.

You need to run the following command in command prompt after the installation of OpenSSL is completed. Make sure you update the “PATH” System Environment variable with OpenSSL’s installation folder path, so that you don’t have to be inside OpenSSL bin folder every time to access the OpenSSL tool.

openssl pkcs12 -export -out “certificate_combined.pfx” -inkey “private.key” -in “certificate.crt” -certfile ca_bundle.crt

 

“certificate_combined.pfx” is the final certificate file that you will be uploading to the portal. OpenSSL-Command

Here’s the PFX file I got generated ready to upload.

PFX file

 

I hope these steps will help you minimize the time to find the right solution for SSL Generation on Windows OS. This certificate however is not Limited to Azure Websites only and you can use if wherever PFX can be used. Also, SSL Certificates generated from this portal will be expired in 90 days, so make sure you regenerate another within this time frame.

In the process i also found this website very helpful to identify SSL installation: https://www.ssllabs.com

This website produces good SSL analysis for any specified website and I will leave that to you to explore more.

ssllabs

 

Uploading this to your Azure Website and enjoy SSL benefits without spending a single penny! Hope this helps someone like 🙂

Happy Learning, Cheers!!

Leave a Comment