Administrator Guide
Figure 72. WAPCerts
The root folders for the Windows Azure Pack websites are named MgmtSvc-*, where * is the name of the Windows Azure Pack
service—for example, MgmtSvc-TenantSite.
In each root level folder, there is a second-level folder that is the name of the VM on which the certicate is installed. This folder
contains the following les:
• The exported .pfx le
• A Java Script Object Notation (JSON) representation of the certicate—.json le
• A text le where you can view the certicate subject name, expiration date, and other information.
Step 2: Obtain certicates from a trusted certication authority and copy
the .cer les to a share
1 If you have not already, obtain one or more certicates from a trusted certication authority, as described in Obtain a Certicate on
the Microsoft website.
2 On the Console VM, follow the same procedure that you did earlier to create a UNC le share for the trusted certication
authority .cer les. For example, create a le share that is named \\<
Prex
>CON01\TCAShare. Make sure that the <Prex>-System
account has Read/Write permissions.
3 Copy the certicate (.cer) le or les to the share location.
NOTE
: Notice that there may be both a root certication authority certicate and an intermediate certication
authority certicate.
Step 3: Import the trusted root and intermediate certication authority.cer
les to establish the certicate chain on each VM
This step establishes the correct certicate chain of trust on each VM. A certicate chain consists of all the certicates that are needed to
certify the subject that is identied by the end certicate. For example, an intermediate certication authority certicate is linked to a root
Security
135