I have a VM (IIS server) using a SSL certificate and also serves as a reverse proxy.
I plan on using the image from the VM to deploy a virtual machine scale set (with all the IIS and SSL config in place), will this work?
Sysprep, the process which generalizes an image to prepare it for use in a VMSS makes private keys inaccessible on clones, effectively removing the certificates. See: https://serverfault.com/questions/755057/is-there-a-way-to-prevent-sysprep-from-destroying-your-iis-installation
To re-inject your certificates into your image after generalization, you can use a tool such as the Custom Script Extension to reinstall the certs. For example: https://medium.com/charot/custom-script-extention-on-azure-vmss-e010a8c87904
Related
I have created a api app that runs in a container hosted in a Azure Web App service. This app needs to access to the certs that have been loaded into the azure web app service (using TLS/SSL settings).
I have tried setting the WEBSITE_LOAD_CERTIFICATES to *, but not sure that this has worked.
So how do I get access to the certs, and how can I confirm that they are avialable in my container. (Or do I have to manually load the cert into my container)
About your first question: "not sure that this has worked".
It is achievable to set the WEBSITE_LOAD_CERTIFICATES to *, see here:
The WEBSITE_LOAD_CERTIFICATES app settings makes the specified
certificates accessible to your Windows or Linux container apps
(including built-in Linux containers) as files.
Adding an app setting named WEBSITE_LOAD_CERTIFICATES with its value
set to the thumbprint of the certificate will make it accessible to
your web application. You can have multiple comma-separated thumbprint
values or can set this value to “ * “ (without quotes) in which case
all your certificates will be loaded to your web applications personal
certificate store.
About "how can I confirm that they are avialable in my container?"
In addition, Windows Server Core containers load the certificates into
the certificate store automatically, in LocalMachine\My. To load the
certificates, follow the same pattern as Load certificate in Windows
apps. For Windows Nano based containers, use the file paths provided
above to Load the certificate directly from file.
The official also offers a C# code shows how to load a public certificate in a Linux app.
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
...
var bytes = File.ReadAllBytes("/var/ssl/certs/<thumbprint>.der");
var cert = new X509Certificate2(bytes);
// Use the loaded certificate
Refer to:
Load certificate in Linux/Windows containers
Using Certificates in Azure Websites Applications
We have an AspNetCore WebAPI and an WebApp deployed in a couple of Azure Container Instances, and need to configure the HTTPS for both.
Right now (in development) we use self-sign certificates (.pfx) that are loaded on startup from a path in the container.
We are interested in using Let's Encrypt certificates but in my research I can't find a way to configure Let's Encrypt using Azure Container Instances. I can only find ways to configure Azure App Service and projects hosted in VMs.
Does anyone know of any way to do this configuration? Or some example that even if it is not identical, I can base it to make this configuration.
Thanks.
I have a virtual machine inside cloud service
i need to install ssl certificate on this cloud service
i saw this post about it
https://azure.microsoft.com/en-gb/documentation/articles/cloud-services-configure-ssl-certificate-portal/
but how can i make step 2?
i tried the rest of the steps and made them
but i have no idea about step 2, i don't have a web role
i have vm
Copying the answer by #Bruno Faria on Server Fault (https://serverfault.com/questions/722796/install-ssl-certificate-on-azure-cloud-service-vm/722811#722811) as I am not allowed to mark this question is duplicate of the one asked there:
The tutorial you are following is for web/worker roles cloud services
and not Virtual Machines. Although a VM uses the cloud service layer,
it's not the same thing. All you have to do is to install the
certificate as you would in any windows server machine and add the
Host A register to your DNS provider.
SSL Certificates CSR Creation :: IIS 8 and IIS 8.5
IIS 8 and IIS 8.5 SSL Certificate Installation
Update: In case of Apache (Linux)
OpenSSL CSR Creation for Apache SSL
Apache SSL Certificate Installation
Also, make sure to reserve your public in order to keep it in a event
of shutdown or restart of your virtual machines.
Reserved IP Overview
Here´s what we try to do:
We try to run several App Servers with Meteor and Mongo DB Servers on Azure VMs. We have them bundled in one cloud service with Endpoint sets that balance the load.
We setting them up via the Management Console (Ubuntu VMs) and then deploy Meteor and the content via Meteor Up.
Now we want to do HTTPS. Initially we thought that is handled by the LoadBalancer by mapping an external port 443 to the internal port 80 as there are options to upload Certificates.
It seems there is no option to configure that this way except for deployments using Visual Studio (and those seem to have to use at least some Web roles).
Here is where we struggle:
Using HTTPS seems to be tied to deploying an App developed in visual studio and/or on Windows VMs?
That´s the question:
Is it possible to use load balanced HTTPS on szure with Linux VMs?
PS: This is the Article that made me think the Load Balancer might does SSL encryption by itself: https://msdn.microsoft.com/en-us/library/azure/ff795779.aspx
AFAIK, the load balancer of Azure would only spread the traffic to the instances internal endpoint, and do not encrypt the traffic in SSL. (see: https://azure.microsoft.com/en-us/documentation/articles/load-balancer-overview/)
Even for the deployment using Visual Studio, I believe the mechanism behind is also the IIS on each web role encrypting the traffic, but not the load balancer job.
So, you should add SSL on the web server of each VMs such as using nginx.
I have created an Ubuntu VM in Azure and I would like to install an SSL Certificate for that VM. This VM runs a django project on apache. What do I do to install the certificate for this VM??
From what I've seen I would have to create a CNAME from an external domain (for which I have issued the SSL) that maps to the DNS name of this VM.
And then what?? Do I follow the process of installing a Cert for apache? Do I have to do anything in the Windows Azure Management Portal or everything is covered by just adding the files to apache and make the appropriate configs??
There is nothing unique about Windows Azure here; you should follow the standard guides for the Linux platform you are using to configuring Apache or whatever web server you are using.
Most SSL certificate companies provide information on configuring Apache/httpd etc. to do this.
For example, GoDaddy provides this resource: http://support.godaddy.com/help/article/5238/installing-an-ssl-certificate-in-apache