Help to resolve the problem of publishing the empty cloud sample

Mar 29, 2011 at 1:43 AM


I would like to upload the hosted service from the empty cloud project provided by this toolkit. I found in the web how to create a .pfx certificate.

When I want to add the service, I got this error: The certificate with thumbprint 'F8ACE24A36F93B006BFAF495F6C14FB827AC61A3' is missing for hosted service 'asdf'.  Please install the certificate for this hosted service.

Do you have a step-by-step tutorial on how to use this toolkit on Windows Azure (i.e. not the emulator)?

Thank you in advance


Mar 29, 2011 at 6:05 AM

Hey there -

While we have not yet documented this process, it is definitely possible to deploy to Windows Azure.  Please perform the following tasks:

  1. Replace the SSL certificate with a trusted certificate. This means that you will not need to install any certificate in the phone device.
  2. Replace the Storage Emulator account information with a real Azure Storage account.
  3. Remove the file from the Web site and its related configuration (this was the SSL certificate that you needed to install in the phone).

In fact, I routinely use a set of services deployed to Windows Azure as it allows me to run my applications on my phone device.



Mar 29, 2011 at 11:41 PM


Thanks for the reply. I'll wait to get the tutorial; I'm curious about how to create a good .pfx certificate.


May 20, 2011 at 1:01 PM

Hey ArchieCoder,

To avoid the error you describe, you can just create a self-signed certificate for your Azure hosted service, and in the service config replace the default sslCert with that new cert.
Just follow the simple steps in this post:

If you create a self-signed certificate, the next step will be to install it on the phone. I'll follow up with a post shortly about that.


May 20, 2011 at 4:57 PM
Edited May 20, 2011 at 4:58 PM

OK, I've been investigating installing on the phone the self-signed certificate I installed with the Azure service deployment. Not an easy task, but after downloading and running wp7certinstaller from I was able to install the certificate on the phone (for details just ask). I also updated the endpoints in my phone app's App.xaml to reflect the cloud endpoints (as opposed to local service and local storage). However, when I run the phone app in the emulator I get a "not found" exception characteristic of the certificate not being accepted or recognized. Not sure what the reason is; the wp7certinstaller blog does seem to indicate this works on the phone, but then again it doesn't specifically cover the scenario of the emulator accessing a cloud app (it does include a cloud app but only for the device to be able to install the certificate). Further investigation is required. It'd be great to be able to deploy the solution without getting an actual certificate from a CA...



May 20, 2011 at 5:04 PM

I'll have guidance for you all by the end of the day.

May 21, 2011 at 12:59 AM


I succeeded in authenticating into the cloud service from the phone emulator using a self-signed certificate. Here's the process:

- Open the VS prompt in admin mode and create a new self-signed certificate using the makecert command:
makecert -r -pe -n "CN=[yourservicename]" -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12

Notice the [yourservicename] certificate name: it's the same as your production cloud service host name. This is the only way I've found so far for the cert name to match the service host, which seems to be a requirement. That means you need to deploy the service in production instead of staging, since in staging the host name will be generated at deploy time using a GUID which you don't know ahead of time and so you can't configure it into your service endpoints (as shown in the next steps).

- Open the MMC by typing mmc in the start menu. Then, click File -> Add/remove snap-ins -> Certificates -> Add -> OK
Look in the Personal/Certificates directory and find the [yourservicename] certificate.

- Copy-paste the cert to 'Trusted Root Certification Authorities'/Certificates (so HTTP agents can trust the cert)

- Right-click the certificate and choose All Tasks -> Export to start the export wizard. Select "yes, export the private key", keep the default export file format, and provide a file name and path to export to.

- Log into the Azure Management Portal. Under your hosted service node, select "Certificates", click "Add certificate" to open the "Upload an X.509 certificate" dialog, select the exported file on your local machine and click OK to upload the cert to the cloud and associate it with your service role.

- In the Visual Studio WP7 cloud application template, open the properties page for the web role. Go to the Endpoints tab, and for the https endpoint, select the newly created certificate using the '...' list (give it a friendly name).

- Right click the cloud project and select 'Publish' to publish the service to the cloud

In a new Visual Studio instance, open the WP7CertInstaller project (if you haven't, download it from
* Configure the WP7CertInstaller web app to run in IIS instead of the dev server
* Make the WP7CertInstallerExample phone app the startup project
* In MainPage.xaml.cs, change the CertificateUrl string to https://localhost/WP7CertInstaller/Certificate.p7b?findBy=FindByThumbprint&findValue=[your cert thumbprint]
(you get your cert thumbprint from the MMC or from the management portal by selecting the uploaded certificate)

- Without closing the emulator (otherwise the cert will be uninstalled), you can now run your WP7 cloud app from Visual Studio, and login or register from the phone emulator.

Note that instead of opening the wp7certinstaller project separately each time, you can just host the wp7certinstaller web app locally once and for all and import the TrustedRootCertificateInstaller.cs class into your WP7 cloud app project so you can easily install the certificate in the emulator each time you need to.
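
A pre-deployment check for the thumbprint error quoted at the top of this thread and for the subject-name requirement described in the last post, as an added example that is not part of any post or of the toolkit. The inline configuration, the role name `WebRole1` and the host name `yourservicename.example` are constructed placeholders; the thumbprint is the one from the error message.

```powershell
param(
    # Placeholder: the host name clients will use; it must equal the certificate CN.
    [string]$ExpectedHost = 'yourservicename.example'
)

# Constructed sample; in practice load the project's ServiceConfiguration.cscfg.
[xml]$cfg = @'
<ServiceConfiguration serviceName="asdf" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration">
  <Role name="WebRole1">
    <Instances count="1" />
    <Certificates>
      <Certificate name="sslCert" thumbprint="F8ACE24A36F93B006BFAF495F6C14FB827AC61A3" thumbprintAlgorithm="sha1" />
    </Certificates>
  </Role>
</ServiceConfiguration>
'@

function Test-ServiceCertificate {
    param([string]$Thumbprint, [string]$HostName)

    # Thumbprints pasted from the MMC often carry spaces or an invisible
    # left-to-right mark, so strip everything that is not a hex digit.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $problems = @()
    if ($clean.Length -ne 40) { $problems += 'thumbprint is not 40 hex characters (SHA-1)' }

    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $clean }
    if (-not $cert) {
        $problems += 'not found in LocalMachine\My'
    } else {
        # The exported file must contain the private key to serve HTTPS.
        if (-not $cert.HasPrivateKey) { $problems += 'no private key available for export' }
        if ($cert.GetNameInfo('SimpleName', $false) -ne $HostName) { $problems += "subject does not match $HostName" }
        if ($cert.NotAfter -lt (Get-Date)) { $problems += "expired on $($cert.NotAfter)" }
    }
    [pscustomobject]@{ Thumbprint = $clean; Ok = ($problems.Count -eq 0); Problems = $problems -join '; ' }
}

# Check every certificate that every role in the configuration references.
foreach ($role in $cfg.ServiceConfiguration.Role) {
    foreach ($c in $role.Certificates.Certificate) {
        Test-ServiceCertificate -Thumbprint $c.GetAttribute('thumbprint') -HostName $ExpectedHost |
            Select-Object @{n='Role';e={$role.GetAttribute('name')}}, @{n='Name';e={$c.GetAttribute('name')}}, Thumbprint, Ok, Problems
    }
}
```

A row with `Ok = False` for a thumbprint that is not in the local store means the certificate cannot be exported from this machine for upload to the hosted service.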