I'm trying to enable HTTPS on my Azure cloud service.
It doesn't belong to azurewebsites.
I'm using a self-signed certificate, already generated.
Following this guide I encounter a problem: I'm not able to access to the .csdef file to modify WebRole section to create a proper endpoint as described in the guide.
I would like to know if there's any method to enable HTTPS using self-signed certificates through the Azure Portal.
I tried to open the 443 port naming the endpoint HTTPS, using TCP protocol; unfortunately I notice that modifying the .csdef file instead it's possible to apply the https protocol directly.
Can you help me? I'm kind of stuck at the moment.
The Service configuration file and Service package were placed in storage. With Get Package (REST API) you can retrieve cloud service package that used for deployment before.
Also here is a more detailed article: Download Microsoft Azure Cloud Service Package files, hope it do help.
Related
I am trying to follow this tutorial to create certificates in Azure for a custom domain. I have the same issue as Marc:
However, I have set access to DNS Zone already:
Could the problem be that is it a custom Domain? If so any workaround, if not anything else to check?
As the tutorial you followed mentioned that "there is a plugin for Azure Web Apps, but this only works for Windows web applications", so you may not follow that steps.
To create a certificate for the static website in a storage account, you can follow this blog1---Enable HTTPS with Lets Encrypt on Azure static site and read this blog2 for more details.
An Azure static site hosted on a storage container allows you to have a free certificate provided by DigiCert but only for subdomains (such as www). If you want to use the root domain, it's available for using the Bring your own certificate feature. You need to configure HTTPS on an Azure CDN custom domain.
There is an amazing project lets-encrypt-azure on GitHub that allows you can run as an Azure Function that will provide this endpoint, download the certificate to an Azure Key vault to be used by your CDN.
I am using Clickonce for deploying my WPF application and this is being done in Azure Blob storage. Since this is a custom URL it won't be white listed in many of the client machines and hence I mapped a custom domain for the same. I was able to access the HTML page and download the setup file but download of .application file is not being done as connection could not establish a trust relationship for the SSL/TLS secure channel.
Is there a way to overcome this? Can I map SSL certificates to my custom domain.
Taken from the documentation page:
Azure Storage does not yet natively support HTTPS with custom domains.
You can currently Use Azure CDN to access blobs by using custom
domains over HTTPS.
Can we use Service Management API to create/update/Delete Resource with XAMPP Localhost? They seek Certificates .cer and .pfx. I have uplaoded under Azure panel and unser my service -> SSL Settings.
When I am trying to make a connection from my local machine for Service API it still giving me exception Certificate not found. I am using PHP SDK for Azure. [package : "microsoft/windowsazure": "^0.5"]
can someone please guide me how to make conneciton from local and what if I want to make it in production?
Was using wrong format of certificates, it needs .pem file absolute path. .cer must have to be imported under your Subscription Management certificates in Azure portal
Anyone can find a workaround for having custom domain pointing to azure blob? Can application gateway pointed to there? how?
Facts :
- Azure blob does not support custom domain for SSL
- Using custom domain with SSL will prompt security concern due to the assets is from different SSL cert.
No. Currently there is no support for custom domains with SSL on Azure Storage services.
Give your vote here to help get this prioritised!
I have been using Application Gateway with my custom SSL to access BLOB.
Create a Application Gateway instance.
Add your custom SSL inside the SSL Settings in the App Gateway.
Configure backend pool and listener in App gateway.
Create a container and upload an image into it, copy the image URL. Replace the image domain BLOB URL with the Application Gateway IP. Request the image.
For retrieving sensitive files: Once you get the image, remember to turn off the Allow Blob public access toggle in your Storage Account settings.
During the development, we didn't get the domain binding for our application, so we just use the Azure URL, something like this: xxx.cloudapp.net.
Because we would like our website use HTTPS protocol, we need to use a certificate, just follow the MSDN, we generated the self-signed pfx file using IIS Manager. Before we publish our application to cloud, we upload the pfx file to cloud by the portal page.
So my question is, is above the only way for this situation? Which I means, I need to upload the certificate to cloud manually first, then publish the application? Is there a way I don't need to to this, something like I even not rely on IIS Manager, the cloud can generate a certificate?
Simple answer to your question is No, Azure can't create a certificate for you. But you could do the same.
To elaborate further, let me explain you what's happening behind the scenes. So you have uploaded the PFX certificate in the portal and in your application configuration screen you have specified the thuumbprint of that certificate. When Azure Fabric Controller spins of the VM, it checks for this certificate thumbprint and based on that it fetches the certificate you uploaded previously and installs that certificate. Furthermore it makes changes to the IIS settings does the SSL magic. Now if you want (not sure why) but you could do the same. If we take just development environment, what you could do is write a startup task which would first create a certificate using makecert utility. Then you would write some IIS scripts which will do the SSL magic for IIS.
Yet another thing you could do is automate the deployment of your code using Azure PowerShell Cmdlets. As a part of deployment automation, 1st thing you would do is upload the SSL certificate using Add-AzureCertificate and then create a deployment of your service using New-AzureDeployment.