Invalid certificate thumbprint in Windows Azure WebRole/WorkerRole

A communication via SSL is nowadays more important than ever. Hence at Tekaris I had to secure a website hosted in a Windows Azure Webrole with a SSL certificate.

I´ll demonstrate the way I did it based on a demo project. Additionally to uploading the certificate(s) to the Windows Azure Portal you have to add the certificates thumbprints to the appropriate WebRole or WorkerRole.

I opened the properties of the WebRole

Webrole_Properties

and clicked on “Add Certificate”

WebRole_Add_Certificate

Then it´s necessary to insert the thumbprint of the certificate. Microsoft provides instructions how to get that. I take the GlobalSign Root CA certificate as example.

Certificate_Details

As described in the instructions I copied the hexadecimal value of the thumbprint and inserted it into Visual Studio.

Webrole_Properties_With_Thumbprint

That´s it. Save – Build – Build failed… Well, why isn´t it surprising me?

I got the following errormessage:

The XML specification is not valid: The ‘thumbprint’ attribute is invalid – The value ‘‎b1 bc 96 8b d4 f4 9d 62 2a a8 9a 81 f2 15 01 52 a4 1d 82 9c’ is invalid according to its datatype ‘http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration:ThumbprintType’ – The Pattern constraint failed.

Invalid_Thumbprint

My first suspicion was that I eventually have to remove the blanks but that didn´t solve it. So after counting the correct amount of hexadecimal characters (40) I noticed that I had to press the right cursor button twice at the beginning of the string in order to get past the first character. 

Indeed there was an “invisible” character at the first position that caused that error. The character has the decimal value 8206 and represents a “left-to-right mark“. After removing it everything worked like a charm. 

Advertisements

5 thoughts on “Invalid certificate thumbprint in Windows Azure WebRole/WorkerRole

  1. Pingback: Deploying a certificate into the Trusted Root store in Windows Azure Cloud Services | Yesterday it worked
  2. Pingback: Deploying a certificate into the Trusted Root store in Windows Azure Cloud Services | Yesterday it worked

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s