Introduction
Managing an HDInsight cluster, or running an HDInsight job, from an Azure worker role, requires you to set up a certificate to access the HDInsight cluster. This post shows how to upload the certificates to the Azure management portal, and how to configure our cloud service. The previous post (Setting up a cloud service to run HDInsight jobs – Part 1) showed the steps to generate the certificate files we need.
Uploading the certificate files
The .cer file should be uploaded to the Azure portal under the “Management Certificates” section. To do so, follow these steps:
- Open the Azure management portal (https://manage.windowsazure.com/).
- Go to the settings section (left menu).
- Go to the “Management Certificates” tab.
- Click “Upload” on the bottom menu.
- Browse for your .cer certificate file.
- Click OK and the upload will begin. You’ll be notified when it’s ready.
The .pfx file should be uploaded in the “Certificates” section in your Cloud Service. To do so, follow these steps:
- Open the Azure management portal (https://manage.windowsazure.com/).
- Go to the Cloud Services section on the left menu.
- Select your Cloud Service from the list.
- Go to the Certificates tab.
- Click “Upload” on the bottom menu.
- Browse for the .pfx certificate file and enter the password.
- Click OK and wait for the certificate to be available, it will appear in the list when it’s ready.
Set up your certificate in Visual Studio
Now, it’s time for some code!
Open your Cloud Service project in Visual Studio and then open the role’s properties.
In there, go to the Certificates tab.
Click “Add Certificate”. This will ask you to set the Name, the location where the certificate will be stored, and the thumbprint for the certificate (you’ll get it when you select the certificate from the list).
That’s almost it! Now, you would be wondering how you access the certificate from your code, here is a helper function to find a certificate from the store:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public X509Certificate2 FindCertificate(StoreLocation storeLocation, StoreName storeName, X509FindType findType, object searchCriteria) | |
| { | |
| X509Store certificateStore = new X509Store(storeName, storeLocation); | |
| certificateStore.Open(OpenFlags.ReadOnly); | |
| X509Certificate2Collection certificates = certificateStore.Certificates; | |
| X509Certificate2Collection matchingCertificates = certificates.Find(findType, searchCriteria, false); | |
| if (matchingCertificates != null && matchingCertificates.Count > 0) | |
| { | |
| return matchingCertificates[0]; | |
| } | |
| certificateStore.Close(); | |
| throw new ArgumentException("Unable to find a matching certificate in the certificate store. Please modify the search criteria."); | |
| } |
To get the certificate we configured in the previous step, we’ll need to call the function with these parameters:
- storeLocation: StoreLocation.LocalMachine
- storeName: StoreName.My
- findType: X509FindType.FindByThumbprint
- searchCriteria: your certificate thumbprint
And that’s it!!!
Summary
In this post we saw how to upload the certificates we created in Part 1 to the Azure portal and how to configure our service to access them.
Happy coding!
Guillermo Bellmann 
Pingback: Setting up a cloud service to run HDInsight jobs – Part 1 | Guillermo Bellmann