We have an multi tenant application and working with apache tomcat webserver.
we are now pointing first tenant domain is www.example.com= http://43.21.54.32:8080/tenant1.html and second tenant domain is www.example2.com=http://43.21.54.32:8080/tenant2.html.
now we are planning to purchase SSL certificate to both domains. How could this possible..? Please help me on this.
I am not sure what are you asking help for?
Is it for the purchasing certificates or
Setting up the scenario pointing first tenant domain is www.example.com= http://43.21.54.32:8080/tenant1.html and second tenant domain is www.example2.com=http://43.21.54.32:8080/tenant2.html.
If it is 1, then you need to know that there is there is SAN Certificates (Subject Alternative Name), where you can have one certificate issued for multiple host names. The pricing for this is obviously on the higher side when compared to standard certificates. Here is a sample screenshot:
here is the link from Digicert for purchasing SAN Certificate: https://www.digicert.com/subject-alternative-name.htm
If it is 2, then you need to setup reverse proxy. See this link for more details as it is similar to your scenario: https://tecadmin.net/setup-apache-as-reverse-proxy-for-tomcat/
Related
I am working with Azure API Management Service, in the Consumption Tier, and I registered a "Custom domain" through a free account at Cloudflare, in cloudflare register the domain and configure full encryption.
Also add the domain as DNS to my API Management, as example CNAME "third.two.example.com".
Once this is done, create a source server certificate for the domain that I will use, it is a third level domain example "third.two.example.com" and then download the certificate and key (PEM and KEY).
Once this is done, because Azure when adding the certificate in API Management threw me the error "The content type needs to be application / x-pkcs12." I had to transform the certificate from PEM to PKCS12, I did it with the following script in OpenSSL on my computer.
openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt
(I did not add any key).
Then I upload the certificate in an Azure Key Vault as a certificate which does not give me any problem.
Finally I add the domain "third.two.example.com" to my Azure API Management referencing as custom domains in API Management, referencing the certificate uploaded to Key Vault, the process runs correctly and everything is fine.
However, when entering this domain, the browser shows me the following error:
And when trying to call the API through Postman with SSL active:
I also get the following error:
You could tell me if I'm doing something wrong or I have everything wrongly configured, I really don't have much knowledge in digital certificates so I don't know if I should do something additional or the configuration I'm using is not correct, thanks in advance for your comments.
The certificate information through the browser is as follows:
in advance thanks for your help !, sorry for the blurr but some data is private and I can't show it.
UPDATE
I found on this site that i have to change the cloud to orange (Proxied) so i did it and it doesn't work.
Finally i tested the same steps with the domain "third-two.example.com" and it works with 0 problems (The only thing to keep in mind is that the proxy must be activated after adding the domain in APIM), is there something that i need to do or update to some tier on CloudFlare for make a multiple level ssl certificate?, on the creation page, it says that is allowed here:
UPDATE - 2021-09-02
Ok, for everyone that still having this issue, there's no way to do that without an edge certificate (The plan cost 10 USD).
Quote for the activation:
Create a certificate in the dashboard
To create a new advanced certificate in the dashboard:
Log into your Cloudflare account and select a domain.
Select SSL/TLS > Edge Certificates.
Select Order Advanced Certificate.
If Cloudflare does not have your billing information, you will need to enter that information.
Enter the following information:
Certificate Authority
Certificate Hostnames
Validation method
Certificate Validity Period
Select Save.
With all the steps done, you can now order an edge certificate that contains, all the hosts needed, for my example: main domain, the wildcard domain, and the three level subdomain:
example.com
*.example.com
third.two.example.com
You can add a total of 50 hostnames, so if you need additional hostnames you can add it here, the steps are the following:
Log into your Cloudflare account and select a domain.
Select SSL/TLS > Edge Certificates.
Select Order Advanced Certificate.
In the certificate hostnames, fill all the domains from before.
With this steps and all the steps from before done, your API Management will recognize the domain as secured and also the SSL Certificate as follows:
Finally, i know this is a very specific topic using Azure Functions on Azure API Management, with a custom domain in Cloudflare, but maybe it can be usefull for someone, but it's not free, its 10USD per month, so if you want to use third level domain, but i think this is the cheapest and secure way to do it.
I will close this question.
I edited the question to add the answer from the CloudFlare forum, and it works so i think i will close this question.
So basically my old domain was benscottp.com for my main domain on Godaddy. I changed it last week to Atmosquare.co.nz. I have put a third party ssl on one of my websites before but it was a subdomain. I have provided a screenshot in my manage ssl panel and the ssl certificate that is for the new domain (atmosquare) has the details of the old domain in it? How do I change this as I think it's the reason behind the ssl not working.
enter image description here
SSL isn't working because it's not issued by a root CA trusted by the browser. There may be other problems also, but that's definitely one of them.
You can't change the certificate. You need to create/order a certificate that covers the domain(s) you want to run SSL on.
You can get free, valid certificates for whatever sites you need from https://letsencrypt.org/
I am working with a client who would have website as .com, .in, .com.au, .jp, .eu etc. We are planning to buy an SSL. Its a eCommerce site and needs to be secured. What SSL certificate should i choose to support various domains together?
Should i buy a SAN certificate? I would need some directions here. What will show up when some one clicks on the certificate of .jp webiste.
You are correct. You will need a unified communications (UC, SAN) certificate. Each TLD being different causes the domain to be different.
A UC certificate will let you bond all of the domains under one trust relationship. However, I would recommend just having different SSL certificates for each of them unless you plan on running them all on the same host machine.
Another potentially viable alternative, depending on how many other certificates you will need, would be to apply for a certificate authority (CA) trust with say VeriSign or any other CA. This would let you control your own enterprise PKI and issue any number of certificates while only paying one very large fee up front.
I see that we need to setup our DNS to point to our new router with SSL configured. My question is can we just use the CloudBees DNS entries if we don't have our own domain name? I.e. is there a way to point myapp.mycompany.cloudbees.net to the router with my SSL cert setup on that? Or do I have to go purchase a domain name from a 3rd party provider?
No, you will have to purchase a certificate for your router/IP service.
We are looking into a shared SSL service for this (which will probably do what you want) - this requires a flattening of names, however, as SSL certs aren't issued with 2 levels of "wild cards" at this time.
We would like to setup an application on Windows Azure at abc.cloudapp.net which would have a CNAME record for www.mydomain.com pointing to it and then allow clients to do the same. Our application would then look at the requested URL and then pull out relevant data based on the requested domain (abc.theirdomain.com or www.theirotherdomain.com).
Our initial tests show that this should work, however the problem lies in that we need the site to be secure. So we'd like clients to be able to setup shared SSL certs with us that we would upload to our Azure subscription that then allowed them to create a CNAME record (abc.theirdomain.com or www.theirotherdomain.com) that points to either www.mydomain.com or abc.cloudapp.net.
Is this possible?
Edit: I'm not sure if this is the same question as Azure web role - Multiple ssl certs pointing to a single endpoint.
We've used a multi-domain certificate in this situation - see http://www.comodo.com/business-security/digital-certificates/multi-domain-ssl.php for details. This will work for up to 100 different top-level domains.
The problem with a multi-domain certificate is that it is more expensive than a "normal" certificate and that every time you add a new domain, you will have to deploy a new package with the updated certificate.
On the other hand, you could have multiple SSL certificates (one for each domain) and then the answer you seek is here Azure web role - Multiple ssl certs pointing to a single endpoint.
No, I don't think your setup would be possible with a single SSL cert. In general, SSL certs are tied to the hostname (e.g. foo.domain.com and foo.domain2.com need different certs). However, you can purchase a wildcard SSL cert that will help if you use the same root domain, but different subdomains (e.g. foo.domain.com and foo2.domain.com can share a wildcard cert).
So, in your case, since you are allowing different root domains, then you need a different SSL cert for each. If instead you choose to allow different sub-domains on same root domain, you can get away with the wildcard cert.