.Net, Azure

Integrating SSL to Azure Websites

freessl

So after a very, very long time I have finally got some time to share something. Today I will share how to integrate SSL with an Azure Website; trust me, it can be a bit of a pain to get this working, especially if you are quite new to this. So in this article I will explain it with pictures throughout, which I feel is the best way to explain or learn.

So to try this, two things are a must.

  • You should have a registered domain. Do not use *.azurewebsites.net for registering SSL, since almighty Microsoft provides the SSL support for the azurewebsites.net domain. So if you are planning to use *.azurewebsites.net then you do not need to have a separate SSL certificate.
  • The SSL provider we are going to use here, i.e. RapidSSL, sends a mail to the domain administrator mail ID, which has to be one of a set of email IDs that RapidSSL supports, so you need to be able to receive mail at one of them. Here is the list of all supported email IDs (admin@yourdomain.com, administrator@yourdomain.com,
    hostmaster@yourdomain.com, webmaster@yourdomain.com,
    postmaster@yourdomain.com)

OK, let's get started now.

First go to the URL www.freessl.com and click on the TRY button to try freessl, or if you are quite sure you want to buy it then just buy. I will use the free version, which is valid for 1 month.

Now on clicking the TRY button you will get a series of forms to be filled, for which I have attached the screenshots.

freessl_pop1

freessl_pop2

freessl_csr

Now this is the point where we need to generate the CSR (Certificate Signing Request). We can do it using IIS Manager or OpenSSL. We will use OpenSSL at a later stage, but for this purpose let's use IIS Manager.

So press Start in Windows and type IIS, and you will get IIS Manager. If you do not find it, go to Control Panel -> Program Features -> Turn Windows features on or off.

If you find IIS Manager, just follow these snapshots.

iis_open_feature

iis_create_cert_dialog1

iis_create_cert_dialog2

iis_create_cert_dialog3

Now, after you have saved this file, open it in Notepad, copy the content and paste it into the freessl website, here:

freessl_csr

Now, after pressing Submit, follow these:

freessl_continue1

freessl_continue2

freessl_continue_domain_approver

freessl_orderno

After this you should get a mail at the domain email ID you selected. After clicking the link provided in that mail, you should get your CSR at the registered email address, and if you look at the end of the mail you will see the Web Server certificate. Copy that and save it as myserver.crt. Now right-click on this file and press Install Certificate.

Now we need to generate the .pfx file which needs to be uploaded to Azure. So let's do that.

First let's get the private key, which we get from the CSR request we made.

From Start, search for mmc.exe, then File -> Add/Remove Snap-in; select Certificates and then Local Computer.

Now go to the folder Personal -> Certificates and you should find the certificate www.whynotme.com.

Click Next and select Yes, then Next again and select PKCS #12, then choose the location of the file and save it with the file name privatekey.pfx.

Now we need to generate a .pfx file which is password protected and accepted by Azure Websites. So let's use OpenSSL to generate this.

We need 3 files for this:

  1. Private key file
  2. Web Server cert from RapidSSL
  3. Intermediate or chain cert as a bundle, which you can get here; save it as Intermediate.pem

Now we have the private key as a .pfx file, but we need a .key file to generate the final .pfx file. So let's extract the .key file from privatekey.pfx.

You can get the OpenSSL installer from here. Install it in C:\openssl drive with all its binaries. Open a command prompt and type the following

set OPENSSL_CONF=c:\OpenSSL-Win64\bin\openssl.cfg

And to generate the .key file

C:\>.\OpenSSL-Win64\bin\openssl.exe pkcs12 -in privatekey.pfx -nocerts -out privatekey.pem

C:\>.\OpenSSL-Win64\bin\openssl.exe rsa -in privatekey.pem -out private.key

Now that we have all the files, let's generate the final .pfx file, which should be uploaded to Azure, by running the following command

C:\>.\OpenSSL-Win64\bin\openssl.exe pkcs12 -export -out whynotme_ssl.pfx -inkey private.key -in myserver.crt -certfile intermediate.pem

So the final file which should be uploaded is whynotme_ssl.pfx
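A pre-upload check for the files produced above, as an added example that is not part of the original article: it confirms that private.key belongs to myserver.crt, opens whynotme_ssl.pfx with its export password to see that it holds one certificate with a private key plus the intermediate, and then deletes private.key, which the openssl rsa step wrote without encryption. It assumes PowerShell is started in the folder holding the files, the OpenSSL path used in the commands above, and an RSA key.

```powershell
# Added example. File names and the OpenSSL path are the ones used in this article.
$openssl = 'C:\OpenSSL-Win64\bin\openssl.exe'
$pfxPath = Join-Path (Get-Location) 'whynotme_ssl.pfx'

function Get-Modulus([string]$Kind, [string]$File) {
    # openssl prints "Modulus=<hex>" for an RSA key ('rsa') or a certificate ('x509').
    $out = & $openssl $Kind -noout -modulus -in $File
    if ($LASTEXITCODE -ne 0) { throw "openssl could not read $File" }
    return @($out)[0]
}

# 1. The key exported from the Windows store must belong to the issued certificate.
if ((Get-Modulus 'x509' 'myserver.crt') -ne (Get-Modulus 'rsa' 'private.key')) {
    throw 'private.key does not match myserver.crt; the PFX would be unusable'
}

# 2. Open the PFX with its export password and inspect what is inside.
$secure = Read-Host -AsSecureString 'PFX export password'
$plain  = (New-Object System.Net.NetworkCredential('', $secure)).Password
$certs  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$flags  = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet
$certs.Import($pfxPath, $plain, $flags)   # throws on a wrong password or a corrupt file

$leaf = @($certs | Where-Object { $_.HasPrivateKey })
if ($leaf.Count -ne 1) { throw "Expected one certificate with a private key, found $($leaf.Count)" }
if ($certs.Count -lt 2) { Write-Warning 'No intermediate certificate in the PFX; clients may fail to build the chain' }
if ($leaf[0].NotAfter -lt (Get-Date).AddDays(7)) { Write-Warning "Certificate expires on $($leaf[0].NotAfter)" }
'{0} | valid until {1:u} | {2} certificate(s) in bundle' -f $leaf[0].Subject, $leaf[0].NotAfter, $certs.Count

# 3. private.key is an unencrypted copy of the key; the PFX now carries it, so remove it.
Remove-Item 'private.key' -ErrorAction SilentlyContinue
```

The password-protected whynotme_ssl.pfx is the only copy of the key that needs to leave this machine.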

Go to your Azure website -> Configure; search for Upload Certificate.

ssluploadcert

ssluploaddlg

In the ssl bindings section of the CONFIGURE tab, use the dropdowns to select the domain name to secure with SSL, and the certificate to use. You may also select whether to use Server Name Indication (SNI) or IP based SSL.

sslbindings

  • IP based SSL associates a certificate with a domain name by mapping the dedicated public IP address of the server to the domain name. This requires each domain name (contoso.com, fabricam.com, etc.) associated with your service to have a dedicated IP address. This is the traditional method of associating SSL certificates with a web server.
  • SNI based SSL is an extension to SSL and Transport Layer Security (TLS) that allows multiple domains to share the same IP address, with separate security certificates for each domain. Most modern browsers (including Internet Explorer, Chrome, Firefox and Opera) support SNI; however, older browsers may not support SNI. For more information on SNI, see the Server Name Indication article on Wikipedia.

Click Save to save the changes and enable SSL.

That's it. Now try https://yourdomain.com

Hope it works for you as it worked for me. Please leave a comment; good or bad or improvements, all are appreciated.

Reference : Enable HTTPS for an Azure web site
