Windows Azure Workflow Host Certificate

Damir Dobric Posts

Next talks:



Follow me on Twitter: #ddobric




After successful installation of Windows Azure Workflow, the IIS will contain a new site which is setup to host workflow management engine (Workflow Host Manager).
When you open IIS Manager (inetmgr) you will notice Workflow Management Site.


This site has by default HTTP and HTTPS bindings enabled. That means that the setup has generated a certificate that site which is self-signed. Some people think that self-signed certificate are not safe. This is not true. Such certificates are safe like any other certificate signed by publicly trusted authority. The only difference is that self-signed certificates do not provide a publicly trusted chain.

If I’m the guy who installed the the Windows Azure Workflow bits, I will trust myself by default. So, in this post at least for development purposes it is perfectly find to install this certificate as trusted one. It is very important that you setup this certificate as trusted one, because when working with workflows you will probably run into situation when nothing will work, because of missing trust. The only bad thing about that is that when this happen, you will probably have no a glue that the missing certificate chain trust has caused your problems.

To setup the certificate as trusted one, open IIS manager and edit H TTPS protocol in bindings of the Workflow management Site (see picture above)  and click Copy to File (On Windows Server 8. Previously that was a button “Export Certificate”).


Click next:
and then next again and select the name of the DER certificate file. Double-click on certificate and then click on “Install Certificate” in dialog below:


Then, select the sore explicitly be choosing “Trusted Root Certification Authorities”:


To be sure that you did all right, open the browser and navigate to following URL by using HTTPS:


The picture above shows the root scope (from workflow point of view) of default Workflow Host topic (from Service Bus point of view).

Posted Sep 04 2012, 07:47 AM by Damir Dobric is a .Net Community Blog powered by daenet GmbH.