1
votes

I'm in the process of moving our site to Azure Web App (S1). I might be overthinking this, but I need to create a temp domain for my team to QA the temp Azure site before I move the prod site to Azure.

I've done the following so far:
1. Create Azure Web App account and deployed site mysite.azurewebsites.net - done
2. Create subdomain stage.mycompany.com - done
3. Create cname #2 and point to #1 - done

Since stage.mycompany.com is temporary (until we move the actual site over), I don't want to purchase an SSL for this.

I thought I could just create an SSL using openssl and install that cert on Azure. I tried that but get "Not secure" in Chrome for the cname.

Will this idea work (free SSL for cname azure web app) but I just didn't install the ssl correctly?

2
It would help if you listed the steps you did when creating and also configuring the cert in Azure because it definitively works. – CSharpRocks
There's free TLS with a proper cert on https://{your-webapp-name}.azurewebsites.net, why bother? – evilSnobu

2 Answers

1
votes

I thought I could just create an SSL using openssl and install that cert on Azure. I tried that but get "Not secure" in Chrome for the cname.

Probably you have not imported the certificate into the Trusted Root Certification Authorities directory on your machine. You can check the configuration on your side with the following steps.

If you create a certificate using OpenSSL, you should export the certificate with the private key, then upload the certificate .pfx file to the Azure portal. Export certificate to PFX.

Or, you can generate a self-signed certificate with PowerShell.

New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "stage.mycompany.com" -FriendlyName "MySiteCert" -NotAfter (Get-Date).AddYears(1)

Export the certificate. Then run MMC and follow this path to locate the newly generated certificate on your machine: File > Add/Remove Snap-in > Certificates > Add > Computer account. Copy the certificate from the Personal directory to the Trusted Root Certification Authorities directory. Also, you need to export the certificate (.pfx file) with the private key.

On the Azure side, you need to upload and bind the newly generated self-signed certificate to your websites.

  • Map your subdomain stage.mycompany.com to your websites. You can select Custom domains in your web app page. Add hostname stage.mycompany.com, refer to this.
  • Bind your SSL certificate. Click SSL settings in the left navigation of your web app. Upload your new .pfx certificate, and bind your SSL certificate with the SNI-based SSL type.

After that, you can access the website with https://stage.mycompany.com. I tested it in my lab with IE and Chrome.
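As an added example (not part of the answer above), the OpenSSL route from the question can be scripted so that the certificate carries a subjectAltName for the staging hostname and is checked before the .pfx is uploaded. Chrome matches hostnames against subjectAltName only, and a self-signed certificate still shows "Not secure" on any machine that has not imported it as a trusted root. The function names, file names and the PFX_PASS variable are assumptions, and OpenSSL 1.1.1 or later is assumed.

```bash
# Added example: build and check a self-signed staging certificate.
# Assumes OpenSSL 1.1.1+ (-addext, -ext). All names below are hypothetical.

# make_staging_pfx HOST OUTDIR
# Reads the PFX password from $PFX_PASS so it never appears in the process list.
make_staging_pfx() {
  local host="$1" dir="$2"
  mkdir -p "$dir" || return 1
  # Set subjectAltName explicitly; a CN-only certificate fails Chrome's name check.
  openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 90 \
    -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
  chmod 600 "$dir/key.pem"
  # Bundle certificate and private key into the password-protected .pfx to upload.
  openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
    -out "$dir/site.pfx" -passout env:PFX_PASS || return 1
}

# cert_has_san CERT HOST -> 0 if HOST is listed as a DNS subjectAltName
cert_has_san() {
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null \
    | grep -qF "DNS:$2"
}

# is_self_signed CERT -> 0 if issuer and subject are the same name.
# Such a certificate is trusted only where it was imported as a root.
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Usage:
#   export PFX_PASS='choose-a-password'
#   make_staging_pfx stage.mycompany.com ./stage-cert
#   cert_has_san ./stage-cert/cert.pem stage.mycompany.com && echo "SAN ok"
```

Delete key.pem once the .pfx is uploaded, and remove the certificate from the Trusted Root store on QA machines when the staging hostname is retired.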

0
votes

I think I would deploy an Azure Public IP so that you can start working with Load Balancers and the rest of the Azure web stack that might be necessary to get your app live in production.

While requesting an SSL is free these days, exactly how you go about automating that with regard to production may mean changes to your app or infrastructure.

Just moved our stuff to Azure and love it, but there can be some gotchas in between running on the Azure-based FQDN and running with DNS etc. up and running on a fully operational battle station.