Setting Up a Microsoft Azure Management Certificate for Azure Classic
Deprecated: The Azure Classic Deployment Model feature will be deprecated in Service Pack 17.
Use the Azure Resource Manager Deployment Model for new configurations, and to redeploy existing Azure Classic resources. In Service Pack 17, existing Azure Classic configurations will continue to work as defined. However, new configurations will not be supported.
An Azure management certificate is required for communication between Azure Classic and the Virtual Server Agent (VSA) proxy machine.
For background information on managing services and certificates, see the information in the following topic in Microsoft Azure documentation.
Before You Begin
- An Azure subscription ID is required.
- Install .Net Framework 4.5 on the Virtual Server Agent proxy.
- Conversion of virtual machines to Azure is not supported for IntelliSnap backups.
You must create and upload an Azure management certificate.
As an alternative to steps 1-3, you can use the Azure Certificate Generation Tool. The tool is supported on machines running Windows Server 2012 and Windows Server 2012 R2. When you run the tool, you must provide the certificate name and password. The tool creates a .pfx certificate and exports the .cer and .pfx files for the certificate to the local C: drive.
- On the VSA proxy machine, create an Azure management certificate. You can create a self-signed management certificate from a Visual Studio command prompt by running the following command as an administrator:
makecert -sky exchange -r -n "CN=certificate_name" -pe -a sha1 -len 2048 -sr localmachine -ss My "certificate_name.cer"
When this operation is performed on the VSA proxy, the certificate is automatically imported into the certificates store for the local machine.
- If the certificate was created on a different machine, export the Personal Information Exchange certificate (.pfx file) from the machine where the management certificate was created, and then import the certificate on the VSA proxy machine using the following options:
- Choose Local Machine as the certificate store location.
- Enter a password for the private key and include extended properties.
Make a note of the private key password in a secure location.
- Use default values for other settings.
- From the Microsoft Management Console (MMC) Certificates console, export the management certificate. The certificate will be included under the Local Computer > Personal certificate store in the MMC Certificates console.
- Do not export the private key.
- When prompted, enter the file name for the management certificate with the .cer file extension.
- Use default values for other options.
- Log in to the Azure management portal and upload the exported certificate file for the management certificate.
- After uploading the management certificate, use the Azure management portal to copy the thumbprint for the certificate installed on the VSA proxy machine. The thumbprint is required to create an Azure virtualization client.
What to Do Next
Last modified: 9/11/2019 7:39:44 PM