I see that we need to setup our DNS to point to our new router with SSL configured. My question is can we just use the CloudBees DNS entries if we don't have our own domain name? I.e. is there a way to point myapp.mycompany.cloudbees.net to the router with my SSL cert setup on that? Or do I have to go purchase a domain name from a 3rd party provider?
No, you will have to purchase a certificate for your router/IP service.
We are looking into a shared SSL service for this (which will probably do what you want) - this requires a flattening of names, however, as SSL certs aren't issued with 2 levels of "wild cards" at this time.
Related
Microsoft docs say to use something like clustername.eastus.cloudapp.azure.com, but what about custom DNS for the cluster?
Will the certificate properly validate or should the custom DNS (i.e. clustername.domain.com) be used?
The dns provided by the docs is just an example, I don't think you will be able to register a certificate against a domain you don't own like .azure.com.
In this case, you will register a certificate against a domain you own, and you either:
Register a CNAME record on your damain to redirect to the cluster domain clustername.eastus.cloudapp.azure.com or
Configure the DNS A Record to point to you cluster Load Balancer IP
In the demo, the Commom Name is just used to identify the certificate installed in the node(vm) certificate store.
The following links describes the use of certificates in more details:
https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-creation-via-portal
https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-security-update-certs-azure
https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-windows-cluster-x509-security
So basically my old domain was benscottp.com for my main domain on Godaddy. I changed it last week to Atmosquare.co.nz. I have put a third party ssl on one of my websites before but it was a subdomain. I have provided a screenshot in my manage ssl panel and the ssl certificate that is for the new domain (atmosquare) has the details of the old domain in it? How do I change this as I think it's the reason behind the ssl not working.
enter image description here
SSL isn't working because it's not issued by a root CA trusted by the browser. There may be other problems also, but that's definitely one of them.
You can't change the certificate. You need to create/order a certificate that covers the domain(s) you want to run SSL on.
You can get free, valid certificates for whatever sites you need from https://letsencrypt.org/
We have an multi tenant application and working with apache tomcat webserver.
we are now pointing first tenant domain is www.example.com= http://43.21.54.32:8080/tenant1.html and second tenant domain is www.example2.com=http://43.21.54.32:8080/tenant2.html.
now we are planning to purchase SSL certificate to both domains. How could this possible..? Please help me on this.
I am not sure what are you asking help for?
Is it for the purchasing certificates or
Setting up the scenario pointing first tenant domain is www.example.com= http://43.21.54.32:8080/tenant1.html and second tenant domain is www.example2.com=http://43.21.54.32:8080/tenant2.html.
If it is 1, then you need to know that there is there is SAN Certificates (Subject Alternative Name), where you can have one certificate issued for multiple host names. The pricing for this is obviously on the higher side when compared to standard certificates. Here is a sample screenshot:
here is the link from Digicert for purchasing SAN Certificate: https://www.digicert.com/subject-alternative-name.htm
If it is 2, then you need to setup reverse proxy. See this link for more details as it is similar to your scenario: https://tecadmin.net/setup-apache-as-reverse-proxy-for-tomcat/
My main site https://example.com has an SSL cert, no problem.
Now, I have developped a related application, that is hosted on a completely different server, and under : app.example.com. It has a dedicated IP.
The app uses websockets and needs SSL to function properly acros all devices. But I'm having trouble finding out how to register a new certificate for a subdomain... What's the strategy here? Should I have a wildcard cert on the main server, and somehow redirect from there? In that case, the app server wouldn't have access to the cert, and I wouldn't be able to create my secure socket connection, right?
The certificate has to be installed where the server which provides content using this certificate. This means
That the certificate for the subdomain has to be used on all servers which serve the subdomain, i.e. your websocket server.
And nowhere else, i.e. it is not needed at the main domain just to provide a redirect from the main domain away.
You are free to use any certificate which matches the subdomain, that is it can be a wildcard certificate but can also be specific for only this domain.
You can go for a wild card certificate and bind it to all the URL's who share the same domain. But keep in mind, the wildcard certificates (irrespective of any brands) supports unlimited first level sub domains .
Wild card certificates can be installed on any server where the FQDN is hosted. In situations where the the sub domains are hosted on multiple servers, the wildcard certificate will work for all of them.
We would like to setup an application on Windows Azure at abc.cloudapp.net which would have a CNAME record for www.mydomain.com pointing to it and then allow clients to do the same. Our application would then look at the requested URL and then pull out relevant data based on the requested domain (abc.theirdomain.com or www.theirotherdomain.com).
Our initial tests show that this should work, however the problem lies in that we need the site to be secure. So we'd like clients to be able to setup shared SSL certs with us that we would upload to our Azure subscription that then allowed them to create a CNAME record (abc.theirdomain.com or www.theirotherdomain.com) that points to either www.mydomain.com or abc.cloudapp.net.
Is this possible?
Edit: I'm not sure if this is the same question as Azure web role - Multiple ssl certs pointing to a single endpoint.
We've used a multi-domain certificate in this situation - see http://www.comodo.com/business-security/digital-certificates/multi-domain-ssl.php for details. This will work for up to 100 different top-level domains.
The problem with a multi-domain certificate is that it is more expensive than a "normal" certificate and that every time you add a new domain, you will have to deploy a new package with the updated certificate.
On the other hand, you could have multiple SSL certificates (one for each domain) and then the answer you seek is here Azure web role - Multiple ssl certs pointing to a single endpoint.
No, I don't think your setup would be possible with a single SSL cert. In general, SSL certs are tied to the hostname (e.g. foo.domain.com and foo.domain2.com need different certs). However, you can purchase a wildcard SSL cert that will help if you use the same root domain, but different subdomains (e.g. foo.domain.com and foo2.domain.com can share a wildcard cert).
So, in your case, since you are allowing different root domains, then you need a different SSL cert for each. If instead you choose to allow different sub-domains on same root domain, you can get away with the wildcard cert.