Introduction

Managing an HDInsight cluster, or running an HDInsight job, from an Azure worker role, requires you to set up a certificate to access the HDInsight cluster. This post shows the steps to generate the certificate files we need. The next one will show you how to upload the certificates to the Azure management portal, and how to configure your cloud service (Setting up a cloud service to run HDInsight jobs – Part 2).

Creating the certificate files

The certificates you download from your Azure subscription will not allow you to generate a pfx file, so we’ll need to create our own. This can be done in two ways: we can buy a certificate from firms like VeriSign or Entrust, or, we can create one ourselves with IIS, for free!

Create the .pfx file

1. Go to Start –> Run (or press Win + R).
2. Type ‘inetmgr’ (without the quotes. This will open IIS Manager.
3. Select the root node in left panel.
4. Double click the ‘Server Certificates’ icon in the middle panel:
   
5. Click on ‘Create Self-Signed Certificate’ in the right side panel.
   
6. Give it a friendly name and click OK.
   
7. Save the certificate file (.pfx):
   1. In IIS Manager, double click on the certificate which you just created.
   2. In the Certificate properties window, go to the Details tab.
      
   3. Click ‘Copy to File’.
      
   4. The wizard will open, click Next.
      
   5. Select ‘Yes, export the Private key’ and click Next.
      
   6. Select ‘Personal Information Exchange…’ and click Next.
      
   7. Set a Password and click Next.
      
   8. Select the file location and click Next.
   9. Lastly, check the information and click Finish to export the certificate.

Create the .cer file (out of the .pfx certificate)

First, we need to install our pfx certificate in our computer’s certificate store, and then we’ll export it as a .cer file.

1. Open the Certificate Manager by going to Start, then Run, and entering ‘certmgr.msc’:
   
2. Import the pfx certificate to the personal store:
   1. Select Personal -> Certificates from the left menu:
      
   2. Go to Action -> All Tasks -> Import…
      
   3. A new wizard will open, click Next.
      
   4. Browse for the pfx file we generated earlier, and click Next.
      
   5. Enter the password and click Next.
      
   6. Select the store in which to save the certificate and click Next.
      
   7. Confirm the information and click Finish.
3. Now we’ll export the .cer file:
   1. Right click the certificate we just imported, select All Tasks -> Export…
      
   2. Select ‘No, do not export the private key’ and click Next.
      
   3. Select the default: ‘DER encoded binary X.509 (.CER)’ and click Next.
      
   4. Specify the file location and click Next.
      
   5. Confirm the information and click Finish.

Summary

In this post we saw how to create the certificates we need to manage or run jobs in our HDInsight cluster. In the next post we’ll see how to upload the certificates to the Azure portal and how to configure our service.

Happy coding!

@gjbellmann