Setting up a cloud service to run HDInsight jobs – Part 1

Introduction

Managing an HDInsight cluster, or running an HDInsight job, from an Azure worker role, requires you to set up a certificate to access the HDInsight cluster. This post shows the steps to generate the certificate files we need. The next one will show you how to upload the certificates to the Azure management portal, and how to configure your cloud service (Setting up a cloud service to run HDInsight jobs – Part 2).

Creating the certificate files

The certificates you download from your Azure subscription will not allow you to generate a pfx file, so we’ll need to create our own. This can be done in two ways: we can buy a certificate from firms like VeriSign or Entrust, or, we can create one ourselves with IIS, for free!

Create the .pfx file

  1. Go to Start –> Run (or press Win + R).
  2. Type ‘inetmgr’ (without the quotes. This will open IIS Manager.
  3. Select the root node in left panel.
  4. Double click the ‘Server Certificates’ icon in the middle panel:
    Server certificates icon
  5. Click on ‘Create Self-Signed Certificate’ in the right side panel.
    Server Certificates actions
  6. Give it a friendly name and click OK.
    Specify friendly name
  7. Save the certificate file (.pfx):
    1. In IIS Manager, double click on the certificate which you just created.
    2. In the Certificate properties window, go to the Details tab.
      Details tab
    3. Click ‘Copy to File’.
      Copy to file
    4. The wizard will open, click Next.
      Export wizard
    5. Select ‘Yes, export the Private key’ and click Next.
      Export the private key
    6. Select ‘Personal Information Exchange…’ and click Next.
      Personal information exchange
    7. Set a Password and click Next.
      Set password
    8. Select the file location and click Next.
    9. Lastly, check the information and click Finish to export the certificate.

Create the .cer file (out of the .pfx certificate)

First, we need to install our pfx certificate in our computer’s certificate store, and then we’ll export it as a .cer file.

  1. Open the Certificate Manager by going to Start, then Run, and entering ‘certmgr.msc’:
    Run certmgr.msc
  2. Import the pfx certificate to the personal store:
    1. Select Personal -> Certificates from the left menu:
      Personal Certificates
    2. Go to Action -> All Tasks -> Import…
      Import
    3. A new wizard will open, click Next.
      Import wizard
    4. Browse for the pfx file we generated earlier, and click Next.
      Browse pfx file
    5. Enter the password and click Next.
      Enter password
    6. Select the store in which to save the certificate and click Next.
      Select the store
    7. Confirm the information and click Finish.
  3. Now we’ll export the .cer file:
    1. Right click the certificate we just imported, select All Tasks -> Export…
      Export
    2. Select ‘No, do not export the private key’ and click Next.
      Export wizard
    3. Select the default: ‘DER encoded binary X.509 (.CER)’ and click Next.
      CER File
    4. Specify the file location and click Next.
      Export file location
    5. Confirm the information and click Finish.

Summary

In this post we saw how to create the certificates we need to manage or run jobs in our HDInsight cluster. In the next post we’ll see how to upload the certificates to the Azure portal and how to configure our service.

Happy coding!

@gjbellmann

Advertisements

2 thoughts on “Setting up a cloud service to run HDInsight jobs – Part 1

  1. Pingback: Setting up a cloud service to run HDInsight jobs – Part 2 | Guillermo Bellmann

  2. Pingback: Setting up a WebJob to run HDInsight jobs | Guillermo Bellmann

Leave a comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s