Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 2 years ago.
Improve this question
How can I attach a certificate for the backend HTTP setting via DevOps Repo. The certificate is in my PC. Not much familiar with this coding logic.
Please help me
How can I attach a certificate for the backend HTTP setting via DevOps Repo. The certificate is in my PC
To achieve this, you could submit your certificate to the Secure files in the Azure Devops Library:
Secure files:
Use the Secure Files library to store files such as signing
certificates, Apple Provisioning Profiles, Android Keystore files, and
SSH keys on the server without having to commit them to your source
repository. Secure files are defined and managed in the Library tab in
Azure Pipelines.
Then we could use the Download Secure File task in a pipeline to download a secure file to the agent machine.
Next, we could use powershell scripts to attach a certificate for the backend HTTP:
Configure end to end TLS by using Application Gateway with PowerShell
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 days ago.
Improve this question
I enabled custom domain to access blobs on my storage account. On the storage account i initially had Secure transfer disabled. I was able to access the blob using custom domain. When i enabled Secure transfer i get the message AccountRequiresHttps
When i checked the tooltip on Secure transfer required it says "
The secure transfer option enhances the security of your storage account by only allowing requests to the storage account by secure connection. For example, when calling REST APIs to access your storage accounts, you must connect using HTTPs. Any requests using HTTP will be rejected when 'secure transfer required' is enabled. When you are using the Azure files service, connection without encryption will fail, including scenarios using SMB 2.1, SMB 3.0 without encryption, and some flavors of the Linux SMB client. Because Azure storage doesn’t support HTTPs for custom domain names, this option is not applied when using a custom domain name."
I was expecting the Secure tranfer required option wont really apply to custom domain
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
The question is about godaddy and Azure.
I have a azure 'web app' .
And I bought a domain name from go-daddy.
Do I need to ask go-daddy for a phx? Is that same as SSL certificate type Standard SSL DV ?
And then go to azure portal /Web ap/ TLS/ssl settings, and import a PHX t?
Thanks,Peter
I have try to create demo website for u. You can follow my steps to solve the issues. You can add Custom domains in portal, like below screen shots.
You need to perform DNS domain name resolution, and then apply for an SSL certificate.
After you have .pfx/.crt files, Click Add Binding,then upload your file, choose SSL Types value is SNI SSL.
Set here, your azure web URL has been set to your domain name, TLS/SSL settings are required below. Make the website trustworthy.
You can click TLS/SSL settings. You can refer the offical document.Click TLS/SSL SETTINGS->Private Key Certificates(.pfx)->+Upload Certificate->Select .pfx file and input your password. Then back to 'Custom domains',make sure HTTPS Only is on.
By setting you will see the following effect.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 3 years ago.
Improve this question
I am using windows Azure virtual machine where I have hosted one nodejs application with the help of IIS.
The nodejs app is running fine but it runs with 'HTTP' and I want to use 'HTTPS'.
So, the case is that it currently runs on http://example.azurecloud.net and I want to make it https://example.azurecloud.net
In order to install ssl, I have installed AD CS (Active Directory Certification Service) on my windows AZURE machine and tried to create certificate but when I try to create a certificate with that service, it asks like "Specify online certification Authority" and there is option to select certification authority which is disabled for me and I am not able to create certificate.
So my questions are
1] Why I am not able to get any online certification authority list ?
2] Is it possible to obtain SSL certificates for free ? If yes then how ?
It depends what kind of SSL certificate you need. If you need a widely trusted one, mscdex and Lex Li have given you some suggestions where to get one. Simply search for "free SSL certificates".
For your purpose you do not need a certificate authority like AD CS. That would be to much work for just one certificate, that's not widely trusted.
If you do not need a widely trusted one you can create a certificate on your own. With Windows 2012 R2 and newer you have a PowerShell command called New-SelfSignedCertificate.
Example:
New-SelfSignedCertificate -DnsName example.azurecloud.net -CertStoreLocation cert:\LocalMachine\My
After that you can select in IIS the new certificate in the web site's bindings:
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 8 years ago.
Improve this question
I have an Azure Web Site running successfully for the last year over SSL. The certificate is expiring, so I purchased a renewal. The steps I followed were:
use IIS to create the CSR
download the PKCS7 package (which includes intermediate certificates) from GeoTrust
complete the certificate request in IIS
use the certmgr MMC snap-in to export the PFX file with a private key and including all intermediate certificates and extended properties
upload to Azure
I am getting an error from Azure on step 5 - "Could not upload the certificate for web site XYZ." And the expanded error detail is "At least one certificate is not valid (Certificate failed validation because it could not be loaded.)"
Update: Azure support notified me on 2014/07/07 that the issue described below has been fixed.
I contacted Azure support and they confirmed that this is a known issue with the service. According to the tech I spoke to, a fix should be deployed some time next week.
In the meantime, I was provided with the following workaround:
While exporting the certificate, uncheck the following boxes:
Include all certificates in the certificate path if possible
Export all extended properties
Having just received the error as described (with a COMODO wildcard certificate) I tried NOT including the intermediate certificates when exporting the .pfx cert file and -- low and behold -- Azure accepts the certificate upload.
This goes contrary to the Azure docs, but initial testing of the https URL in Firefox, IE and Chrome doesn't show any problems.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 years ago.
Improve this question
I have been using the new Windows Azure Websites preview to build a site for a customer. I recently deployed this site, and moved it to a reserved instance so that I could configure a custom domain for the site as required by the customer. So far so good.
My next step is to secure the site using an SSL certificate. I have searched long and hard on the azure website (as well as stackoverflow) but have not been able to locate any information on how to configure an SSL cert for a reserved website instance.
I have seen many examples of doing this with a web role (cloud service) but not for a reserved website.
Does anyone know if this is currently possible? Or is this perhaps one of the reasons why azure websites are still in a preview mode?
Update: Found a post on the Azure Forum indicating that this is not possible in the current release, but is coming soon in a future release. http://social.msdn.microsoft.com/Forums/en-US/windowsazurewebsitespreview/thread/4bf975e7-56c0-4a4d-bb6a-b9b82f0da469
I did a quick google and found this link. It has some useful information.
Thanks to #twomm here is a TLDR of the situation:
just to keep everybody from clicking through, this is the current state there: "We are shooting for April or May for this feature"
As of 3, June 2013 Azure Web Sites now supports SSL for custom domains for reserved web sites according to Azure Pricing Details Page.
Two type of SSL connections are supported.
1 - Server Name Indication (SNI) SSL connections which works on modern browsers.
2 - IP-based SSL which works on all browsers.
Currently Azure supports shared SSL certificate only. Custom SSL certificates aren't supported yet, however Microsoft is planning to introduce them very soon.
With shared security you can access the same https site with https.
I see that this post and the answers are from a couple years ago. Now that it is possible to add an SSL certificate to Azure for a custom domain, I thought it would be useful to post a full solution here.
The MSDN blog post that I have followed to install a GoDaddy certificate on Windows Azure site is Avkash Chauhan's Complete Solution: Adding SSL Certificate with Windows Azure Application . He doesn't detail the Certificate Authority part, but I added steps below referring to how it is done on GoDaddy. His blog and another he links to have great detail about the whole rest of the process. My summary of all the steps is:
Purchase your SSL credit at GoDaddy
Use the credit to create or renew your SSL Certificate on GoDaddy. As part of the creation process, GoDaddy will ask you for your Certificate Signing Request (CSR). The CSR should be created on your LOCAL IIS server, as follows
In your local IIS 7 Manager, go to Server Certificates and choose Create Certificate Request... on the right. This is where you specify your domain name and details, including the encryption strength. Choose 2048-bit or higher. And RSA as the Cryptographic Provider
Once the CSR file is created, paste the contents into the GoDaddy creation form. It will take 5 to 10 minutes for the certificate creation to complete.
Download the certificate as a .zip file and save to your computer
Go to IIS 7 Manager again and choose Complete Certificate Request... It will ask you to browse to a *.cer file. Actually, you should use the . filter and browse to the *.crt file that was in your .zip file. Give it a friendly name like MyDomainSSL2015
Now that the certificate is created, highlight it and choose Export to export it to a .pfx file. At this point you will also give the exported file a password.
(The next few steps come from another MSDN post by William Bellamy, linked to in the other post I referenced) Log in to Windows Azure, go to Manage the service where you want to install the certificate, and choose Certificates tab
Click "Upload" at the bottom. It will ask you to browse to your .pfx file and enter the password that you created
Now that your certificate is uploaded to Azure, you still must specify that you want your Role to use it. This can be done in Visual Studio. So open your Visual Studio project
Right click on your role and choose Properties. Go to the Certificates tab
Click Add Certificate. A new line will be created in the grid. Make sure that LocalMachine is selected for the Store Location and CA for Store Name (though My seems to work too).
Click the ellipses in the Thumbprint column. This will show you a list of all your local certificates. Choose the one with the Friendly Name that you created earlier
Go to the Endpoints tab. For your HTTPS Endpoint, choose the SSL Certificate Name that you just added.
Publish your role
That's it. Again, the two blogs I referenced have some more detail and some screen shots, though some of the screen shots are outdated.