Yesterday @writeameer posted on twitter a search query, using the new GitHub Code Search, showing that there are a whole lot of users on GitHub that have exposed their management certificates to the public. If you are not aware a management certificate gives you access to administer your Azure account using the Windows Azure SDK tools. Which among other things allows you to publish, change, delete, or basically cause total havoc if it fell in to the wrong hands in your Azure account.
— writeameer (@writeameer) January 24, 2013
So what can be done about this?
Nothing can really be done about the old certificate being out in the public, once it is out there assume somebody has a copy of it. Luckily it is pretty easy to remove these certificates and generate new ones. Here is how you do it:
- Go to: https://manage.windowsazure.com
- Log in using your account credentails.
- Go to the settings tab at the bottom of the left hand side menu.
- Click “Management Certificates” right below the word “Settings”.
- Select a certificate, by clicking on it.
- Click the delete button in the bottom center of the screen.
- Repeat 5 and 6 until all certificates are deleted.
- You can either upload a new certificate, or just wait, a certificate is usually automatically created when you publish your certain types of projects like Web Roles.
Note: Azure is really shaping up to be a fantastic and innovative platform, so I plan on making Azure Tips a weekly feature of my blog, so stay tuned for some more tips in the near future.