Loading...

Setting Up a Microsoft Azure Management Certificate for Azure Classic

You must have an Azure management certificate so that the SQL server proxy machine can communicate with Azure Classic.

After you create the certificate, install the certificate on all proxy clients that you associate with an Azure app.

Use this procedure to create and upload the Azure management certificate.

For background information, see the following Microsoft articles.

Before You Begin

You must have an Azure subscription ID.

Procedure

Using the Azure Certificate Generation Tool

Go to the Commvault Store and download the Azure Certificate Generation Tool.

Before You Begin

You must have an Azure subscription ID.

Procedure

Using the Azure Certificate Generation Tool

Go to the Commvault Store and download the Azure Certificate Generation Tool.

The tool is supported on Windows 2012, 2012R2 and 2016.

Run this tool from the command line and provide the certificate name and password as parameters. The tool creates a .pfx certificate and exports the .cer and .pfx files for the certificate to the local C: drive.

Manually Creating the Certificate

  1. On the SQL proxy machine, create an Azure management certificate. You can create a self-signed management certificate from the PowerShell command prompt by running the following command as an administrator:

    New-SelfSignedCertificate –DnsName “certificate_name" –CertStoreLocation “cert:\LocalMachine\My”

    When this operation is performed on the SQL proxy, the certificate is automatically imported into the certificates store for the local machine. You must move or install the certificate to the “Trusted Root Certification Authorities” store.

  2. From the Microsoft Management Console (MMC) Certificates console, export the management certificate. The certificate will be included under the Local Computer > Personal certificate store in the MMC Certificates console.
    • Do not export the private key.
    • When prompted, enter the file name for the management certificate with the .cer file extension. 
    • Use default values for other options.

What to Do Next

  1. Log on to the Azure management portal and upload the exported certificate file for the management certificate.
  2. After uploading the management certificate, use the Azure management portal to copy the thumbprint for the certificate installed on the SQL proxy machine. The thumbprint is required to create an Azure SQL pseudo-client.

    The tool is supported on Windows 2012, 2012R2 and 2016.

    Run this tool from the command line and provide the certificate name and password as parameters. The tool creates a .pfx certificate and exports the .cer and .pfx files for the certificate to the local C: drive.

Manually Creating the Certificate

  1. On the SQL proxy machine, create an Azure management certificate. You can create a self-signed management certificate from the PowerShell command prompt by running the following command as an administrator:

    New-SelfSignedCertificate –DnsName “certificate_name" –CertStoreLocation “cert:\LocalMachine\My”

    When this operation is performed on the SQL proxy, the certificate is automatically imported into the certificates store for the local machine. You must move or install the certificate to the “Trusted Root Certification Authorities” store.

  2. From the Microsoft Management Console (MMC) Certificates console, export the management certificate. The certificate will be included under the Local Computer > Personal certificate store in the MMC Certificates console.
    • Do not export the private key.
    • When prompted, enter the file name for the management certificate with the .cer file extension. 
    • Use default values for other options.

What to Do Next

  1. Log on to the Azure management portal and upload the exported certificate file for the management certificate.
  • After uploading the management certificate, use the Azure management portal to copy the thumbprint for the certificate installed on the SQL proxy machine. The thumbprint is required to create an Azure SQL pseudo-client..

    The tool is supported on Windows 2012, 2012R2 and 2016.

    Run this tool from the command line and provide the certificate name and password as parameters. The tool creates a .pfx certificate and exports the .cer and .pfx files for the certificate to the local C: drive.

Manually Creating the Certificate

  1. On the SQL proxy machine, create an Azure management certificate. You can create a self-signed management certificate from the PowerShell command prompt by running the following command as an administrator:

    New-SelfSignedCertificate –DnsName “certificate_name" –CertStoreLocation “cert:\LocalMachine\My”

    When this operation is performed on the SQL proxy, the certificate is automatically imported into the certificates store for the local machine. You must move or install the certificate to the “Trusted Root Certification Authorities” store.

  2. From the Microsoft Management Console (MMC) Certificates console, export the management certificate. The certificate will be included under the Local Computer > Personal certificate store in the MMC Certificates console.
    • Do not export the private key.
    • When prompted, enter the file name for the management certificate with the .cer file extension. 
    • Use default values for other options.

What to Do Next

  1. Log on to the Azure management portal and upload the exported certificate file for the management certificate.
  2. After uploading the management certificate, use the Azure management portal to copy the thumbprint for the certificate installed on the SQL proxy machine. The thumbprint is required to create an Azure SQL app.

Last modified: 9/12/2018 9:52:02 PM