Creating a Self-Signed Certificate for Windows Azure Online Backup

When initially setting up new Recovery Services on Windows Azure for the Azure Online Backup service, you are asked to provide a certificate that will be used to manage the identity of the servers allowed to back up to the specified vault. You have the option to either purchase a certificate, or create a self-signed certificate.

We found that the default instructions provided for creating a self-signed certificate are incomplete. If you create a self-signed certificate with an expiration date more than 3 years out, Azure will reject your certificate, but will not tell you why.

To have your self-signed certificate accepted by the Azure Online Backup service, you must specify an expiration date of less than 3 years, and include the other parameters in the example below. Replace the placeholder values (the certificate name, the expiration date and the .cer file name) with the information specific to your certificate:

makecert.exe -r -pe -n CN=CertificateName -ss my -sr localmachine -eku 1.3.6.1.5.5.7.3.2 -len 2048 -e 01/01/2016 CertificateName.cer
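
Because the vault rejects a bad certificate without giving a reason, it helps to check the .cer file locally before uploading it. The following PowerShell is an added example, not part of the original instructions or of any Microsoft tooling; the function name Test-VaultCertificate is hypothetical, and it assumes that the 3-year limit is measured from today and that the vault expects the Client Authentication EKU (OID 1.3.6.1.5.5.7.3.2).

```powershell
# Added example: pre-upload check of a .cer file against the constraints in this post.
param(
    [string]$Path = '.\CertificateName.cer'   # placeholder name from the makecert command
)

function Test-VaultCertificate {              # hypothetical helper name
    param([Parameter(Mandatory)][string]$CerPath)

    $file = (Resolve-Path -LiteralPath $CerPath).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file
    $problems = @()

    # Expiration: the post reports silent rejection when the expiry is over 3 years out.
    # Assumption: the limit is measured from the current date.
    $now = Get-Date
    if ($cert.NotAfter -le $now) {
        $problems += "certificate already expired on $($cert.NotAfter)"
    }
    if ($cert.NotAfter -ge $now.AddYears(3)) {
        $problems += "expires $($cert.NotAfter), which is 3 years or more from now"
    }

    # Key length: the makecert command above requests -len 2048.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    $keySize = if ($rsa) { $rsa.KeySize } else { 0 }
    if ($keySize -lt 2048) { $problems += "RSA key size is $keySize, expected at least 2048" }

    # Enhanced key usage: collect the OIDs set by -eku.
    $oids = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $oids += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
        }
    }
    # Assumption: the vault expects Client Authentication (1.3.6.1.5.5.7.3.2).
    if ($oids -notcontains '1.3.6.1.5.5.7.3.2') { $problems += 'Client Authentication EKU is missing' }

    [pscustomobject]@{
        Subject  = $cert.Subject
        NotAfter = $cert.NotAfter
        KeySize  = $keySize
        EkuOids  = $oids -join ', '
        Problems = $problems
        Ok       = ($problems.Count -eq 0)
    }
}

Test-VaultCertificate -CerPath $Path
```

If Ok is False, the Problems property lists which of the three checks failed, which is the detail the Azure portal does not report.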

For better instructions and details on managing certificates for the backup service, we recommend referencing the following page found on the MSDN web site:

Recovery Services: Upload Certificates to the Vault

