How to obtain signed SSL certificate for my deploy (servicename.cloudapp.net)?

Category: azure vm

Question

L.Flexoni on Mon, 10 Nov 2014 10:54:17


How to obtain signed SSL certificate for my deploy (servicename.cloudapp.net)? like as

https://graphexplorer.cloudapp.net/
https://codeplexodata.cloudapp.net/ (expired October 25)

Replies

Bharath Kumar P on Mon, 10 Nov 2014 14:33:27


Hi,

To configure SSL for an application, you first need to get an SSL certificate that has been signed by a Certificate Authority (CA), a trusted third-party who issues certificates for this purpose. If you do not already have one, you will need to obtain one from a company that sells SSL certificates.

The certificate must meet the following requirements for SSL certificates in Azure:

  • The certificate must contain a private key.
  • The certificate must be created for key exchange, exportable to a Personal Information Exchange (.pfx) file.
  • The certificate's subject name must match the domain used to access the cloud service. You cannot obtain an SSL certificate from a certificate authority (CA) for the cloudapp.net domain. You must acquire a custom domain name to use when access your service. When you request a certificate from a CA the certificate's subject name must match the custom domain name used to access your application. For example, if your custom domain name is contoso.com you would request a certificate from your CA for *.contoso.com or www.contoso.com.
  • The certificate must use a minimum of 2048-bit encryption.
  • Certificates issued from private CA servers are not supported by Azure Websites.

Please refer the following links which talks about Configuring SSL for an application in Azure.

http://azure.microsoft.com/en-in/documentation/articles/cloud-services-configure-ssl-certificate/

http://azure.microsoft.com/en-in/documentation/articles/web-sites-configure-ssl-certificate/

Regards,

Bharath

L.Flexoni on Mon, 10 Nov 2014 16:19:02


You cannot obtain an SSL certificate from a certificate authority (CA) for the cloudapp.net domain. 

Why Microsoft gives certificates to some Windows Azure customers? What is the cost?


Bharath Kumar P on Mon, 10 Nov 2014 18:45:14


Hi,

SSL certificates used with Azure Websites must be signed by a Certificate Authority (CA).

For a list of Certificate Authorities, see Windows and Windows Phone 8 SSL Root Certificate Program (Members CAs) on the Microsoft TechNet Wiki.

Regards,

Bharath 

L.Flexoni on Tue, 11 Nov 2014 09:07:26


Only "MSIT Machine Auth CA 2" can make signed SSL certificate for %name%.cloudapp.net. How to get cert from it?

Bharath Kumar P on Tue, 11 Nov 2014 19:51:16


Hi,

If you get an SSL certificate issued for <myapp>.cloudapp.net, you will not be able to get this certificate verified (a mandatory validation step by Certificate Authority). This is because cloudapp.net domain is owned by Microsoft. So, you will have to get the SSL certificate issued for your domain name or wildcard
name ie *.mydomain.com. You will be able to verify this certificate for the certificate authority, because you own your domain.

http://blogs.msdn.com/b/sriharsha/archive/2012/02/25/domain-mapping-on-windows-azure.aspx

Regards,

Bharath



L.Flexoni on Wed, 12 Nov 2014 09:20:59


But some customers can have certificate from Microsoft. Why?