I asked my friends about how to renew SSL certificate used on a Windows Server. Unfortunately, none of them really know how to do it on IIS 6. Hence, my senior decided to work together with me to renew our existing certificate on IIS as an experiment and learning opportunity.
We got our existing SSL certificate from GoDaddy. So, our first step is to visit the SSL Certificates section in the My Account page.
After that, in the Manage Certificate section of the selected certificate, we can submit new changes of our certificate. In order to renew the certificate, we submitted the new Certificate Signing Request (CSR) there.
CSR and Certificate Installation
So, where did we get the CSR from? From the wizard!
Firstly, we created a new website in IIS Manager. After that, we went to the Directory Security tab of the Properties of the website to create a new certificate. From there, we could get a new CSR.
Secondly, we went back to GoDaddy to submit the CSR.
Thirdly, we downloaded the certificates from GoDaddy after we submitted the CSR. With the certificates downloaded to the server, we just followed the instructions available on GoDaddy to install both the Primary SSL Certificate and Intermediate SSL Certificate.
Finally, we went to the IIS Web Site that we would like to have its SSL certificate to be renew and choose the “Replace the current certificate” option.
Done. It’s quite straightforward. Please tell me if I’m wrong or you have a better way of doing all these on IIS. Thanks in advance and happy new year! =)
Last year April, I received a newsletter from Windows Azure Team saying that Windows Azure Virtual Machines were generally available. Finally, full control and management of virtual machines on Azure is now possible! The release undoubtedly successfully brought Microsoft Azure closer to Amazon who is also focusing on IaaS.
The reason that I’m so happy with the announcement is because I have already an ASP .NET Web Application running on my server running on Windows Server 2008 in a data centre. I would like to find out how to host it on cloud. Since I have already tried out Amazon last time with friends, so now I am interested to see how fun it will be to host my application on Azure and what benefits it will provide.
Beginning of Journey: When Affinity Group Brings Your Services Together
Before creating a new virtual machine in Azure, I create a new Affinity Group. Affinity Groups will be able to group Microsoft Azure services by locating them in the same data centre to optimize performance.
Create Virtual Machine
Same as Amazon, I am allowed to create my virtual machine in Microsoft Azure with an image that is already offered in the Microsoft Azure Management Portal. So, there is no need for me to upload any Windows Server image created on-premise. Thus, the first step is to choose an image. Surprisingly, they provide also things like Ubuntu Servers, Oracle servers, openSUSE, and so on.
There are sometimes multiple versions available for one image. So after choosing an image, for example the Windows Server 2012 R2 Datacenter, I get to choose the version of the OS that I want. As a best practice, it’s recommended to always choose the one with latest release date.
After choosing the tier, I will be able to pick one of the available sizes for the virtual machine from the Size dropdown list. There are many size codes, from A0 to A7. As David Aiken, Azure Group Technical Manager, said in Windows Azure for IT Pros Jump Start, the letter “A” and the number behind the “A” don’t mean anything. Seriously, it’s just a code. Also, the code has nothing to do with the paper size that we are familiar with. By the way, I think David did predict it correctly. There is really a A5 size introduced recently. Wow.
Of course, the smaller the instance, the lower the price we need to pay. The following is a screenshot of the virtual machine pricing details for Asia Pacific Southeast (i.e. Singapore) which I am interested at. You can read more about the details on pricing and available VM disk sizes on Microsoft websites as well.
After the size for the new virtual machine is decided, the next thing that I need to do is create a user account to access the VM later. There is a nice feature in the management console is that it does not allow us to use “admin” or “administrator” as the user name for security purpose.
Configure Virtual Machine: Cloud Service, Affinity Group, and Availability Set
Up to this point, the virtual machine earlier is not yet created. There is other configuration needed. First of all, we need to decide which Cloud Service to use. Cloud Service is basically a boundary of management, configuration, networking, security, etc that hosts the virtual machines in it. So, virtual machine must be stored in a cloud service. By doing so, we do not need to worry about hardware failure and network issues because Cloud Service will be there to help making our applications on the virtual machines are continuously available when those issues happen. Thus. it’s a way to make your application highly-available.
Secondly, in the “Region/Affinity Group/Virtual Network” dropdown, since I have created an Affinity Group in advance, so I get to choose not just the usual region but also Affinity Groups that I have created.
Thirdly, since I don’t have a Storage Account yet, so by default, it will choose the only option “Use an automatically generated storage account”.
To allow communication with the virtual machine from external resources, endpoints need to be added in order to have them to handle the inbound network traffic to the virtual machine. In addition, when an endpoint is created, there is a need to create an inbound rule in the Windows Firewall with Advanced Security in the virtual machine to allow the traffic route through the endpoint.
So, in order to enable public to view the ASP .NET web applications that I host on the virtual machine, I will first need to create an endpoint for HTTP on the Azure management portal for the virtual machine. After that, I just need to install the IIS windows feature on the virtual machine together with Application Development feature added to allow HTTP traffic.
Finally, I also add endpoints for the FTP (such as port 21) because I need FTP access to this server. There was an interesting error when I try to upload file to the FTP Server using Filezilla. The error said, “The supplied message is incomplete. The signature was not verified.” Luckily, there are already people discussing online going on with some solutions to the problem. One of them is applying a hotfix from Microsoft which I have the link to it in the list below. It turns out that this error will only occur on Windows Server 2012 (R2) and Windows 8(.1).
There are some online articles which help me to better configure the endpoints and have both the web server and FTP setup on the virtual machine.
Basically, this covers the basic stuff of setting up Azure virtual machine as both a web server and FTP server. It is quite straightforward and about the same as what I did on Amazon EC2. If you would like to learn more, I’d suggest you to attend the online courses about Microsoft Azure on Microsoft Virtual Academy.
One day before the end of my long weekend, I decided to learn setting up Windows Server 2012 instance on Amazon EC2. Also, I noted down the setup steps for my future reference.
After signing up at Amazon Web Service website, I visited the EC2 Dashboard from the AWS Management Console. Since I’d like to setup one instance in Singapore, I had to choose the region from the drop-down list at the top-right corner of the website.
After the region was chosen, I clicked on the blue “Launch Instance” button located at the middle of the web page to launch my first virtual server on EC2. Normally I chose the Classic Wizard so that some configurations could be changed before the setup.
The following step would be choosing an Amazon Machine Image (AMI). Somehow the Root Device Size was 0 GB which I had no idea why so. Due to the fact that I only wanted to try out AWS, I chose the one with Free Usage Tier, i.e. the Microsoft Windows Server 2012 Base.
In the following steps, there were options for me to set the number of instances required, instance type (set to Micro to enjoy free usage tier), subnet, network interfaces, etc. After all these, there would be a section to set the root volume size. By default, it’s 0 GB. So the instance wouldn’t be launched if the value was left default. I set it to 35 GB.
After providing the instance details, the next step would be creating key pair which would be used to decrypt the RDP password in the later stage. Thus, the key pair needed to be downloaded and stored safely on the computer.
There was also another section to set which ports would be open/blocked on the instance.
Finally, after reviewing all the details, I just clicked on the “Launch” button to launch the instance.
Right after the button was clicked, there was a new record added to the Instances table and its State immediately changed to “running”.
By right-clicking on the instance and choosing the item “Get Windows Password”, I received the default Windows Administrator password which would be used to access the instance remotely via RDP.
Yup, finally I can start playing with Windows Server 2012. =D