I have a couple of web apps running on a single Azure App Service. I've uploaded a wildcard certificate to the app service and bound it to the relevant hostnames. When I open the app the first time in Chrome the green lock is displayed in the address bar. If I close the tab and open a new tab and try to open the web app I get the following message under the address bar.
When I checked the security tab in Chrome Developer Tools I can see this message.
The first time I connect to the site the security tab in Chrome Developer Tools looks like this:
I'm using the same certificate on a website hosted on SiteGround and I'm not having problems with the certificate there. This looks to be an issue on Azure.
I am using IIS to redirect to https in the web.config rather than using the "HTTPS Only" setting on the Azure portal. Even if I change this setting I'm still having the same issue with the certificate.
This only seems to happen on Chrome. Firefox and Edge are not having a problem.
Are there any settings I need to change in order to fix this?
Updated
I've also checked the site using SSL Labs SSL Server Test tool. Our own certificate is being recognized as trusted but there is another certificate further down in the results that is being recognized as not trusted.
Related
The web page has the capability of using videojs record for screen recording and webcam video recording. It is working fine on localhost and on shared hosting. But I have deployed website on AWS EC2 and Azure VM for testing and videojs record is not working there. As per my understanding it is all javascript and should be working on browsers where ever the site is hosted.
Any clue?
SCREENSHOT-1:
When user clicks on a button within square box, a window should appear for confirmation (shown in SCREENSHOT-2)
SCREENSHOT-2
This window appears if site is running on localhost or shared hosting service, but not if site is running on Azure VM or AWS EC2.
Testing Pages
https://clearn.codeschunks.com/test/recordvideo (working)
http://ec2-54-185-50-254.us-west-2.compute.amazonaws.com/index.php/test/recordvideo (not working)
The problem is due to security (https). If you see your connection to codeschunk.com is secure (https) while hosting on EC2 your connection is not secure (http only). You can solve it by two methods.
By making your connection to your hosting on EC2 instance secure (https). It can be done by installing SSL Certificate.
Or
Follow these steps in your browser (These are for chrome)
Navigate to chrome://flags/#unsafely-treat-insecure-origin-as-secure in Chrome.
Find and enable the Insecure origins treated as secure section
Add your address you want to ignore the secure origin policy for. In your case the address is http://ec2-54-185-50-254.us-west-2.compute.amazonaws.com/index.php/test/recordvideo
Relaunch the browser.
Now it should work.
I have a seemingly intermitted issue with a site I'm hosting on Azure.
The site works for most but we're getting a few reports that when people try to access the site via a link (in an email for example) the site throws an ERR_CONNECTION_RESET error in Chrome.
The site is an S1 App Service
The site running is .Net Core 2.1 (MVC)
It has Let's Encrypt certificate applied to it (and this shows in the browser)
It is set to be Https only and Always On in Azure's SSL and Application Settings blades respectively.
I've had a look around and it feels like maybe this is an SSL issue but I'm not sure.
I've done a re-bind of the cert.
Can anyone offer any advice? I've not encountered this before.
Update
An update from our clients suggest it could be happening as our domain is newly registered.
Specifically, it could be a reputation/categorisation issue coming in to play with the threat protection they utilise on their networks.
I will look into submitting an update to the relevant sites to see if it helps.
I have a hosted website using an Azure webapp. Sometime yesterday, portions of my website began to fail with network requests showing ERR_INSECURE_RESPONSE. Random image files, css, sometimes even the index (which Chrome really doesn't like). However, if I refresh a few times in Chrome, the assets load just fine. I'm access the site through the subdomain created when the webapp was set up so the SSL certificate is for *.azurewebsites.net and appears to be valid.
Is there a way to debug this further? Logs from my server don't seem to be showing any issues and there isn't a clear repro.
The fix for this was pretty simple and I wanted to post in case anyone stumbles across this because (I think) the settings by default were in the config that served the error.
I had a custom domain and had set up SSL for that domain on my Azure web app. The error I was seeing is that from time to time Azure would return the default SSL certificate for azurewebsites.net instead of the SSL cert I had purchased for the domain. The fix was to switch from IP SSL to SNI SSL. This can be done from the "SSL Settings" in your Azure Web App. Click the host name and modify the SSL Type.
I am trying to consume the certificate uploaded in azure website(not webrole) in my web app using following config
<microsoft.identityModel>
<!-- Service Configuration -->
<service>
<serviceCertificate>
<certificateReference findValue="2696C50B72CB368AEB11DE3B23CD226252A1BFD" storeLocation="CurrentUser" storeName="My" x509FindType="FindByThumbprint"/>
</serviceCertificate>
<certificateValidation certificateValidationMode="None"/>
</service>
Code works fine on local system. But I am recieving error when deployed to azure website.
ID1024 The configuration property value is not valid
ID1025 Cannot find a unique certificate that matches the criteria
I then tried to browse all the certificates in my azure website(using code). But the certificate list does not contain my uploaded certificate.
Certificate is uploaded and can be seen in azure portal.
Custom domain is mapped and the uploaded certficiate is used against the domain.
But somehow my web app is unable to find the certificate. I tried all possible combination of StoreName and StoreLocation but in vain.
I think there may be some confusion on what the certificates you upload via the Configure tab for Websites are used for. Currently the certificates loaded there are ONLY used for SSL.
When looking at the little help icon next to the certificates section on the configure tab the tooltip states the following:
"This section lets you manage SSL certificates that you can bind to your custom domain names. Binding an SSL certificate to your custom domain name will allow your end users to access your site over HTTPS."
Windows Azure Web Sites exist at a process level, meaning that they can be started up on one machine but move around as the processes go up and down. If you aren't familiar with this I'd suggest reading up on how the hosting model works for Web Sites. Here is an article that covers it: Windows Azure Web Sites - A New Hosting Model for Windows Azure (full disclosure: I wrote the article).
Loading the certificate here I do not believe adds the certificate to any of the stores on the machines your web site runs on. Windows Azure would need to ensure that the cert is always on the machine the site is deployed to and since this is only at a process level and can change frequently (unless you are using standard) it doesn't make sense. The SSL certs are handled differently and as far as I know aren't really deployed to each machine.
As far as I know in order for you to load a certificate and use it you'll either need to look at a web role where loaded certs from the portal ARE placed into the store on the VM or look to see if you can load the certificate manually in code and ship the cert as content on your site (which seems a little less secure to me). I could just be overlooking an option though.
I configured the Default website in IIS for SSL by creating a CSR using the IIS itself, submitted it to a CA, and assigned the issued certificate as the server certificate. That's all is required in this world to setup server SSL. But when I open the https url it says "Internet Explorer cannot display the webpage". Which pillar should I bang my head against to get it working? The only help from microsoft I could find is that useless arcicle http://support.microsoft.com/?id=290391 that presupposes you are configuring a non-default website for SSL and goes on and on about port conflict. I'm using default website for https.
I'm using windows xp, IIS 5.1 and Microsoft Management Console 3.0.
Please help or courier me a shotgun for shooting myself.
Edit: After I configured IIS for SSL, the Apache Tomcat server which had been configured on port 8080 has suddenly stopped working. The 8080 urls just timeout. What is the connection?
Edit: Because I can't live without Tomcat on my machine, I used another machine to setup IIS SSL after stopping the tomcat there. I face the same problem there, "Internet Explorer cannot display the webpage". Please help before I shoot myself.
Don't shoot!
XP has given me fits with SSL... have you tried setting the application pool to high/isolated setting up the website with an identity under COM?
That seemed to solve some issues for me.
Also - did you make sure to set it up in the correct stores? Is this an application that is running under your account or a service account? If it is a service account you may need to do a RUN AS on the certificate management console and add under that user's personal store as well as under the appropriate store for the machine/computer.
Good luck.