Could someone explain the steps that one must do to show an Azure application (example.cloudapp.net) in a custom domain (service.example.com), when we want to use a secured connection? So the users browse to https://service.example.com, see it as a certified, trusted domain, and can safely access the application.
Right now, I think that
1) we need a domain (and subdomain) with a static IP from a service provider
2) we need a certificate from a CA for our domain
But I'm not quite sure how the connection between our domain and cloudapp.net should be made. I have found many examples and blog posts, but they tell either how to install a certificate to Azure application or how to show the application in custom domain (without the certificate).
This sounds like a basic requirement, so I'd expect a rather simple solution to exist.
Thanks!
Look at this blog entry
Custom Domain Names in Windows Azure
Basically you need to buy domain name and add some CNAME record in DNS table. The part remaining would be to buy appropriate SSL certificate for your site.
Here is a stop-gap for custom domains: http://www.bradygaster.com/running-ssl-with-windows-azure-web-sites
I do not believe that Azure currently supports using a certificate with a custom domain (see request for feature). In the meantime, you can use CORS.
Related
I'm looking at hardening LDAP on my domain controller (DC). To do this I need to import a security certificate to the DC.
I don't want to self sign as I've been told it is not best practice and the service I wish to integrate with LDAPS (Mimecast) does not recommend self signing.
I've created my certificate request, based upon the domain's fqdn. e.g. mydomain.local
What I'm not sure about now is where I can get a certificate based on that request.
I'm familiar with SSL for HTTPS. That process makes sense to me, the certification authority checks that I own the domain and provides a certificate that I can then install on my web server.
Will 3rd party SSL providers let me configure a certificate with the common name "mydomain.local"?
Or am I looking in completely the wrong area?
Many thanks in advance for any help that provided.
The type of certificate is exactly the same type of certificate as you would get for securing a website, yes. However, the domain name must be a valid internet domain (not .local)
There is a good walk-through here for Using Let's Encrtypt for Active Directory Domain Controller Certificates, including all the caveats you need to be aware of.
Say, for example, I have an Azure web app named MyApp and is hosted on Azure as MyApp.azurewebsites.net. It's my understanding that there is nothing I need to do to secure the URL with SSL, as it's done, by default, with a single certificate. So I can already have my users access the app via https://MyApp.azurewebsites.net, and it will be secure right out of the box.
However, say I have another URL named www.MyApp.com that I want to point (redirect) to https://MyApp.azurewebsite.net. Do I have to secure www.MyApp.com with a certificate?
Do I have to secure www.MyApp.com with a certificate?
Yes, we could get more detail info from the official document .
To secure your custom domain name with HTTPS, you bind a custom SSL certificate to that custom domain in Azure.
Before binding a custom certificate, we need to do the following:
Configure the custom domain - App Service only allows adding a certificate for a domain name that's already configured in your app. For instructions, see Map a custom domain name to an Azure app.
Scale up to Basic tier or higher App Service plans in lower pricing tiers don't support custom SSL certificates. For instructions, see Scale up an app in Azure.
Get an SSL certificate - If you do not already have one, you need to get one from a trusted certificate authority (CA).
Yes, if you use a custom host name, then you will need to have a certificate for it. There is really no way around this, based on how SSL works.
I'm wondering how I could add a SSL Certificate to a sub-sub-domain on Cloudflare like for example maintenance.login.example.com I've already added the sub-sub-domain to my site but I keep getting this error This site can’t provide a secure connection maintenance.login.example.com sent an invalid response. Try running Windows Network Diagnostics. ERR_SSL_PROTOCOL_ERROR
Our default/free certificates—"Universal SSL"—cover the apex of your domain (example.com) and one level of wildcard (*.example.com).
If you'd like to cover additional levels beyond that, e.g., *.test.example.com or maintenance.login.example.com, you can either purchase a Dedicated Certificate with Custom Hostnames or you can upload a custom certificate to a Business plan or higher.
I wrote a blog post describing Dedicated Certificates here: https://blog.cloudflare.com/dedicated-ssl-certificates.
I want to migrate an existing On Premise WCF service to Windows azure without asking clients to change anything in thier application like endpoint URL, certificate etc.
PLease let me know if this can be done?
In principal - yes.
The Endpoint Url is dependant on you controlling the domain and forwarding the URL over to Azure (for us, we use a CNAME redirect to the Azure URL). More details here.
For the certificate, as long as you've got an exportable version of the certificate with a Private Key, it should be a matter of uploading the certificate to the server that matches the endpoint URL. More details here.
So, all in all (with these changes in place) it's just a matter of uploading the certificate, redirecting to over to Azure and then letting DNS do its thing. If in doubt, certificates are buttons to purchase, so use that for testing purposes to prove the concept.
We have a multi-tenant website where we use a wildcard SSL cert to give people a subdomain to our site. Some of our customers would like to use their own domain, but I'm concerned about how we would manage each customer's certificate as our business grows. Currently the certificate resides on the web server, which means loading all of the certs to each web server as we add them.
I'm aware we could introduce a dedicated SSL device in front of the web servers, but are there other options to improve the management of these certificates?
I'm a Microsoft Technical Evangelist and one of my partners had exactly the same challenge.
I have created a sample source code that automates and manages SSL certificates for multiple domain bindings using a new IIS 8 (Windows Server 2012) feature called SNI, which is a kind of SSL hostheaders.
All you will need to do is to reuse my code (it's quite simple) and upload your custom SSL certificates to the blob storage, or you can write your own provider to fetch custom domains and certificates from your database.
I have posted a detailed explanation and a sample "plug & play" source-code at:
http://www.vic.ms/microsoft/windows-azure/multiples-ssl-certificates-on-windows-azure-cloud-services/
You could make your clients deal with their own certificates and make them run there own https site. They can serve a page containing a single frame with your content (over https). The users will see their domain and their certificate and the browser will load the frame without complaining as long as the frame contents are also loaded over a valid https connection. I created a quick an dirty test page so you can see it in action.
This solution will 'break' the address bar as it will keep the url of the page containing the frame. Depending on the type of site you're running this might be a showstopper.