This question will be easy for those who work in cloud services or for those who having some good knowledge about windows azure.
I have a ssl certificate specified its thumbprint and other details in configuration file. When my package is deployed in the cloud service, the certificate doesn't get grouped under trusted certificate group.Insted it gets grouped under intermediate certificate group in all the instances. Because of this I am getting some certificate issue while accessing a site.
On googling I could find from the microsoft blog, that all the certificates from trusted sources will be grouped under trusted certificates in the azure cloud service virtual machines. But here it is not doing so..
Any ideas on this?
Any comments would be really appreciated..
When deploying certificates to an Azure cloud instance, you may have to include more than jus the SSL certificate to secure the domain. You may also have to list any intermediate certificates, as well as the root certificate. Have a look at this article that describes how to confiugre chained certificates for Azure and let me know if it helps at all.
http://blogs.msdn.com/b/azuredevsupport/archive/2010/02/24/how-to-install-a-chained-ssl-certificate.aspx
This was due to an os upgrade from Microsoft. It was fixed by them and now this seems to be working perfect..
For more: visit http://msdn.microsoft.com/en-us/library/windowsazure/ee924680.aspx
Related
I have a web app that is hosted on three app services within a single subscription. All of them are hosted with different subdomains:
mystie.com
dev.mystie.com
demo.mystie.com
I bought Azure Wildcard certificate to provide ssl connection and I'm able to bind it to mystie.com and to dev.mystie.com, but not to demo.mystie.com.
It is listed in the Private Key Certificates table
But not in Private Certificate Thumbprint list on the TLS/SSL binding window
What I'm doing wrong?
P.S. Do I need to provide some additional information for you guys to help you figure out this issue?
After couple of hours, the certificate appeared on the list... can't explain this...
I have created web apps in Azure which use the built-in certificate for *.azurewebsites.net. SSL works fine here.
I have recently created another web app and the certificate it is using is MYSITE.azurewebsites.net. This certificate has a completely different chain than the other one--the root of which is not trusted on my machine.
Can anyone explain why one site would use the wildcard and the other one wouldn't? Also, why would the certificate chain be different?
(The wildcard cert has a DigiCert root, whereas the site-specific domain (MYSITE.azurewebsites.net) has a Cisco umbrella Root CA)
I wrote Azure Support an got in contact with their Azure Web App Product Group. They gave me the following message
This Cisco Umbrella certificate is not coming from Azure. You doesn’t have any SSL binding nor uploaded any certificate into your subscription.
Most likely your client machine is in a network protected by Cisco Umbrella product. Kindly contact to Cisco Umbrella product support team.
Another option to resolve this issue is to bind a custom domain and add a SSL certificate (Free or App Service or any other certificate) so that you do not use .azurewebsites.net URL.
I am providing you relevant articles which will give you all the details about adding custom domain and binding SSL to your App Service.
You can go through them once and then feel free to reach out to me if you have any questions or concerns
https://learn.microsoft.com/en-us/azure/app-service/manage-custom-dns-buy-domain -> Buy a custom domain name for your Azure App Service.
https://learn.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-domain -> Add custom domain to your Azure App Service.
https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate-> Bind SSL certificate
I have a [major corporate] client who are about to change the SSL certificates that they use with their API services.
I have an application with APIs that consume those of our client (server to server, not browser to server).
Our client has issued a Linked CA certificate to 3rd parties (such as my company). We have been instructed to install the supplied certificate onto our servers.
I have been tasked to prove that our own service will continue to work after their change. I believe that I may need to be able to demonstrate the chain of trust.
The supplied Linked CA is "DigiCert Global CA G2".
Our own APIs are hosted on an Azure API/WebApp.
I do not believe that we should even be considering installing Linked CA's on Azure app services. I suspect that MS manage this entirely as part of the platform.
I have raised this question as a helpdesk ticket with Azure support, but after a few false-starts explaining the issue, the advise we have now received is a reference to this article https://azure.microsoft.com/en-us/blog/enabling-client-certificate-authentication-for-an-azure-web-app/. With genuine respect to MS helpdesk, I don't believe that this addresses my issue.
To clarify, I am explicitly not talking about installing an SSL certificate on our own systems.
Our client has not yet started using their replacement SSL certs ... so I'm unclear how I might go about positively proving that the replacement SSL certs will work, without having visibility of them in advance.
To distill my question into two parts:
"is what I've been tasked to do even possible without visibility of the subject SSL?".
"should I be contemplating installing a Linked CA onto an Azure App service? (and if so, how)".
I have a question about Azure-hosted websites and wildcard certificates.
I’m able to install my wildcard certificate to a website and then add multiple SSL bindings without issue.
But when I try to add that same certificate to another website, I get an error message about the certificate thumbprint.
Is there a centralized location where I can add the SSL certificate so that I can use the wildcard cert for multiple, individual websites?
I would like to report that this appears to just be a propagation issue on the side of Azure, and the issue has resolved itself.
Some more information in case others would run into this issue-
After I added the certificate using the new Azure interface (portal.azure.com) to a Website, the SSL certificate did not appear in the "Certificates" list, though it did successfully accept the SSL bindings that were added. Navigating to a different Website, I attempted to add the certificate again, which failed.
After 10 minutes, I now see that the "Certificates" list is populated on all Websites on the account. When you upload a certificate to one Website, it does become global for the account and is accessible on other parts of the Azure portal.
I am attributing this solely to a propagation delay... otherwise, all appears to work normally.
Hope this helps someone.
Apologies for what is probably a question about a simple task but I'm brand new to Azure and a little worried I get this wrong. Actually, I have a new client and don't even have the access yet to their Azure yet have a proper look. The question is:
My new client has an existing MVC application running on IIS within Azure. This application must communicate with a third party SOAP (.asmx) web service that requires parts of the SOAP message to be signed using an SSL digital certificate.
So, I need to install the certificate on Azure. My problem is that the articles I have found deal with securing the website using the certificate and Https - which I don't want.
Can someone please point me to a good article (or show here if simple enough) that shows how to install it for the purpose of communicating with this third party service?
Any help is really appreciated here so that I can hit the ground running.
The approach for installing any certificate is the same. So you would use the same approach as you would for installing SSL certificate. So the steps would be:
Upload the certificate first in the cloud services certificate section. Note down the certificate thumbprint.
In Visual Studio, open up your role's properties and go to "Certificates" tab and specify that certificate thumbprint along with the certificate store location where you want this certificate to be installed.