I have a wildcard SSL certificate for *.mydomain.com
I have 20 subdomains that I would like to secure using Azure Websites.
Will I be charged £5.4981/month or £109/month (20 x £5.4981/month)
On the pricing page it says ' £5.4981/month (per certificate supported)'
http://azure.microsoft.com/en-gb/pricing/details/websites/
But when you add a new binding in Azure for each subdomain it says this might affect your pricing.
Thanks in advance.
You are using a wildcard certificate. You are only going to pay for the certificate and not for each individual sub domain that you want to use. The number of websites that you want to host is not going to affect the price that you will need to pay for the certificate.
Do note that creating web sites in azure does come with additional costs. They can be found here.
Related
TL;DR;
What's the way to distribute an SSL certificate across regions, so that no matter which region the application is hosted - it will serve the SSL certificate for the requested custom domains.
Explanation:
We have an Azure Web app where we add custom domains per user. We want to scale the app in different geographic regions behind a traffic manager so that when the website is accessed from Australia - it will be served from the Auatralia's Web App, and when the request comes from Europe - the web app in Europe will serve the request. So, in current situation, regardless of where the request is coming from it will always be served from one location, for example: Europe.
The challenge here is we can add the custom domain in only one of the web app, due to the fact that you need a CNAME entry pointing to an individual URL. It cannot point at two different URLs at the same time. It is possible to route the requests to individual apps but the other web app will not be able to serve the SSL certificate if it's mapped on App1 in region1.
How to distribute or maintain the pool of certificates which can be access by the web apps in different regions? Is there any way with Microsoft Azure?
Update:
We are going to have N number of custom domains, and so N number of SSL certs to handle. AFAIK, Azure Front Door and Azure Traffic Manager - we can map a custom domain to their own endpoints, and is limited to one custom domain. Here I'm talking about handling thousands of external custom domains/SSL Certs.
Thanks in Advance! 🙏
Instead of using Traffic Manager, I would use Azure Front Door. This has a built-in SSL certificate management. You don't even need to purchase the certificate yourself.
What I understood from the question is basically you would like to address the request from the same region rather than from one location. In that case, I would suggest have a look at azure application gateway. Here, you can define path-based load-balancing rules. In that path based, basically you can have one attribute which identifies location say /api/emea/images, /api/apac/images. Off-course you need to first define API on these lines to accommodate some kind of identifier. Once done, then based on this you can create this load-balancing rule in application gateway. Then, you can have different backend pools say one sitting in EMEA region with four-five virtual machines, that can handle traffic from EMEA region. Similarly, it goes for another region as well. Try implementing the same on these lines. You can also explore front door option as well as it handles load-balancing globally and your certificate related stuff should also get addressed. It should address your problem.
I have 6 different micro services with an Azure Traffic Manager setup for each of them. The services are running in 3 different regions to improve their performance but I need to come up with the certificates for the Azure Traffic Manager.
I have seen that there are two options available in the Azure Portal: The Standard and the Wild Card. While the latter is much more expensive, I was wondering if the same SSL Certificate can be used in all my 6 services so in the end, I will save money.
All my sites are like this:
http://foo1.trafficmanager.net
http://foo2.trafficmanager.net
http://foo3.trafficmanager.net
http://foo4.trafficmanager.net
http://foo5.trafficmanager.net
http://foo6.trafficmanager.net
As you can see the, the domain is the same (I do not have any custom domain, just the by default trafficmanager.net), so I am wondering whether one certificate will be enough. I have not seen any information about the wildcard certificate and it is pretty expensive to just give it a try...
Also, is there any security concern if I use the same certificate for all the sites? Is there a best practice recommendation? 1 certificate per site vs. 1 certificate for multiple sites.
Lastly, if I decide to use Custom Domains in the future, will I be able to reuse the issued certificate? (the domain will not be trafficmanager.net anymore)
Actually, a valid SSL certificate must match the access FQDN domain name. One Standard certificate only could be used for one FQDN domain name, such as "foo1.trafficmanager.net" while one WildCard certificate could be used for all like "*.trafficmanager.net" FQDN domain name, so usually we use the same WildCard certificate for all different services.
If you use Custom Domains in the future, you need to deploy new certificate to match the new Custom domain.
You can get more details about SSL Certificate Names
Aim:
I want to use free SSL certificate on Cloudflare on the website that is current hosted on Azure.
Background
A SSL certificate has been bought from Azure, but we found that we need to upgrade our subscription before able to bind it to our website. Hence, we decided to use Cloudflare free plan that also offers SSL. The domain provider that we use is godaddy.
Problem:
I have followed the instructions here, and now on the Cloudflare, I could see the status for SSL certificate as Active Certificate. However, when I enter the url as https://mywebsite (https), it says that This certificate is not valid (host name mismatch), which is shown on the screenshot below:
Questions
Why does the current SSL certificate points to .azurewebsites.net? Shouldn't it points to cloudflare, after changing the nameservers? What does it mean by host name mismatch?
Current status for SSL certificate on Cloudflare is Active Certificate, does it mean that it's verified and currently applied to the website?
Thank you very much!
You are correct, if it is configured properly it should display the correct certificate in your browser. Possible reasons that it doesn't show correctly: old certificate cached in browser, old nameservers cached, you're not using cloudflare for the appropriate DNS records.
1b. As for the host name mismatch, you typed in example.com and it returned a certificate for a different domain. This means that the data can still be encrypted during transmission but that you are probably not communicating with who you think you are.
Not necessarily. In the article that you link is a great diagram of this process (5th image). You are using Flexible SSL. In order for this to work your website needs to go to Cloudflare's servers first. You can have an active certificate but that doesn't mean that it's been applied to your website. Make sure that the domain and/or any subdomains are on cloudflare and that data is routed through Cloudflare's servers.
We purchased a domain name from Network Solutions, and set up our website as two App Services in Azure (one within US East and one within US West). Our domain name purchased from Network Solutions is assigned as a hostname in Azure, and a traffic manager balances the traffic between the two App Services. I have two questions...
Azure offers SSL Certficates. If I purchase an SSL Certificate from Azure, is there anything I need to do in Network Solutions to update the site?
Do I need to purchase two SSL Certificates since I am using two App Services?
I have looked at these articles, but unfortunately, they did not answer my questions:
https://learn.microsoft.com/en-us/azure/app-service-web/web-sites-configure-ssl-certificate
https://learn.microsoft.com/en-us/azure/app-service-web/web-sites-purchase-ssl-web-site
Thank you!
If you already have a custom domain associated with your Web Apps (both deployments Region #1 and #2), then no. You're all set.
E.g. www.example.com pointing to {TrafficManagerName}.trafficmanager.net
No. Just one TLS certificate valid for www.example.com or *.example.com
See my answer here for more:
https://stackoverflow.com/a/40399500/4148708
I am looking to move my websites from sitting on an Azure VM to being in an App Service.
In the App service there are several items in the Pricing I don't understand and cannot find answers too. Do you know what these items means?
"Up to 10 Instances" Auto Scale. Does this means I can host 10 apps on this plan, or that it will create new instances for my individual apps when under load? IE if my website google.com was being used a lot, would 10 instances of this website spin up?
5 SNI, 1IP - What on earth does this mean?
Thanks!
Tom
Auto Scale means that the Azure will automatically create instances or shutdown them, based on your website traffic. So your second example is correct.
5SNI (Server Name Indication) or 1IP, I'm just gonna explanation copy and paste from Azure documentation website (here) as I believe it's explained quite well:
IP based SSL associates a certificate with a domain name by mapping the dedicated public IP address of the server to the domain name. This requires each domain name (contoso.com, fabricam.com, etc.) associated with your service to have a dedicated IP address. This is the traditional method of associating SSL certificates with a web server.
SNI based SSL is an extension to SSL and Transport Layer Security (TLS) that allows multiple domains to share the same IP address, with separate security certificates for each domain. Most modern browsers (including Internet Explorer, Chrome, Firefox and Opera) support SNI, however older browsers may not support SNI. For more information on SNI, see the Server Name Indication article on Wikipedia.