We purchased a domain name from Network Solutions, and set up our website as two App Services in Azure (one within US East and one within US West). Our domain name purchased from Network Solutions is assigned as a hostname in Azure, and a traffic manager balances the traffic between the two App Services. I have two questions...
Azure offers SSL Certficates. If I purchase an SSL Certificate from Azure, is there anything I need to do in Network Solutions to update the site?
Do I need to purchase two SSL Certificates since I am using two App Services?
I have looked at these articles, but unfortunately, they did not answer my questions:
https://learn.microsoft.com/en-us/azure/app-service-web/web-sites-configure-ssl-certificate
https://learn.microsoft.com/en-us/azure/app-service-web/web-sites-purchase-ssl-web-site
Thank you!
If you already have a custom domain associated with your Web Apps (both deployments Region #1 and #2), then no. You're all set.
E.g. www.example.com pointing to {TrafficManagerName}.trafficmanager.net
No. Just one TLS certificate valid for www.example.com or *.example.com
See my answer here for more:
https://stackoverflow.com/a/40399500/4148708
Related
I have 6 different micro services with an Azure Traffic Manager setup for each of them. The services are running in 3 different regions to improve their performance but I need to come up with the certificates for the Azure Traffic Manager.
I have seen that there are two options available in the Azure Portal: The Standard and the Wild Card. While the latter is much more expensive, I was wondering if the same SSL Certificate can be used in all my 6 services so in the end, I will save money.
All my sites are like this:
http://foo1.trafficmanager.net
http://foo2.trafficmanager.net
http://foo3.trafficmanager.net
http://foo4.trafficmanager.net
http://foo5.trafficmanager.net
http://foo6.trafficmanager.net
As you can see the, the domain is the same (I do not have any custom domain, just the by default trafficmanager.net), so I am wondering whether one certificate will be enough. I have not seen any information about the wildcard certificate and it is pretty expensive to just give it a try...
Also, is there any security concern if I use the same certificate for all the sites? Is there a best practice recommendation? 1 certificate per site vs. 1 certificate for multiple sites.
Lastly, if I decide to use Custom Domains in the future, will I be able to reuse the issued certificate? (the domain will not be trafficmanager.net anymore)
Actually, a valid SSL certificate must match the access FQDN domain name. One Standard certificate only could be used for one FQDN domain name, such as "foo1.trafficmanager.net" while one WildCard certificate could be used for all like "*.trafficmanager.net" FQDN domain name, so usually we use the same WildCard certificate for all different services.
If you use Custom Domains in the future, you need to deploy new certificate to match the new Custom domain.
You can get more details about SSL Certificate Names
I read quite a lot documents and other questions on stackoverflow about this, and I have to admit that it just makes me much more confused.
I have a site that hosted both in EU west and EU north azure. Say their urls are:
exampleeuw.azurewebsites.net
exampleeun.azurewebsites.net
Then I bought a ssl certificate for www.example.com.
On both sites, I added www.example.com to custom domain.
On both sites, I uploaded the certificate.
Then created the traffic manager site and its dns name is "example.trafficmanager.net", I have both web app added as end point.
But should I access https://www.example.com or https://example.trafficmanager.net?
If I access https://www.example.com, how can that traffic go to the traffic manager first?
Also when I created Traffic Manager profile, I have to select a Resource group location (north Europe for example), if North Europe azure is down, will it impact the access?
Really hope that I can find some step by step examples on how Microsoft wants us to use this, as it has been a quite frustrating learning process.
Requests should go to the traffic manager. It will be the one redirecting to both of your App Services no matter where they are.
Prior configuring your Traffic Manager and DNS, make sure both of your web application are working and configured with custom domains and SSL certificates.
Then, in your DNS, point your www.example.com website to the traffic manager as shown here:
https://azure.microsoft.com/en-us/documentation/articles/traffic-manager-point-internet-domain/
That's all you have to do.
I bought some domains a few years ago and managed it within the admin section the provider offered. I would like to manage both the domains and servers within one service, hence Azure. Is their a way to transfer my domain to a service within Azure? I know you can buy domains within Azure, hence I assume you can transfer them to Azure as well, though I read everywhere that I can only point them within the DNS.
Help would be highly appreciated!
You can use Azure DNS (warning: currently in preview so no SLA)
https://azure.microsoft.com/en-us/services/dns/
You maintain the old registrar for all administrative activities (i.e. annually payment for your domain) and move technical activities on Azure (name server and DNS records). You can do that for all your domanin (yourdomain.com) or only for a zone (subdom.yourdomain.com).
Details here:
https://azure.microsoft.com/en-us/documentation/articles/dns-getstarted-create-dnszone-portal/
https://azure.microsoft.com/en-us/documentation/articles/dns-domain-delegation/
I am looking to move my websites from sitting on an Azure VM to being in an App Service.
In the App service there are several items in the Pricing I don't understand and cannot find answers too. Do you know what these items means?
"Up to 10 Instances" Auto Scale. Does this means I can host 10 apps on this plan, or that it will create new instances for my individual apps when under load? IE if my website google.com was being used a lot, would 10 instances of this website spin up?
5 SNI, 1IP - What on earth does this mean?
Thanks!
Tom
Auto Scale means that the Azure will automatically create instances or shutdown them, based on your website traffic. So your second example is correct.
5SNI (Server Name Indication) or 1IP, I'm just gonna explanation copy and paste from Azure documentation website (here) as I believe it's explained quite well:
IP based SSL associates a certificate with a domain name by mapping the dedicated public IP address of the server to the domain name. This requires each domain name (contoso.com, fabricam.com, etc.) associated with your service to have a dedicated IP address. This is the traditional method of associating SSL certificates with a web server.
SNI based SSL is an extension to SSL and Transport Layer Security (TLS) that allows multiple domains to share the same IP address, with separate security certificates for each domain. Most modern browsers (including Internet Explorer, Chrome, Firefox and Opera) support SNI, however older browsers may not support SNI. For more information on SNI, see the Server Name Indication article on Wikipedia.
I have a wildcard SSL certificate for *.mydomain.com
I have 20 subdomains that I would like to secure using Azure Websites.
Will I be charged £5.4981/month or £109/month (20 x £5.4981/month)
On the pricing page it says ' £5.4981/month (per certificate supported)'
http://azure.microsoft.com/en-gb/pricing/details/websites/
But when you add a new binding in Azure for each subdomain it says this might affect your pricing.
Thanks in advance.
You are using a wildcard certificate. You are only going to pay for the certificate and not for each individual sub domain that you want to use. The number of websites that you want to host is not going to affect the price that you will need to pay for the certificate.
Do note that creating web sites in azure does come with additional costs. They can be found here.