How to Add SSL Free in Azure? Is it Possible?

Asked

Viewed 762 times

2

In Azure:

I have an Azure account where I created a new Site. To add an SSL Certificate (Https) I had to change the hosting plan from "Free" to "Basic" (in the Scale menu). Then I opened the option to upload a certificate (in the Configure menu).

At Geotrust: (https://www.geotrust.com/)

I created a Free SSL certificate. However to approve the certificate I would have to receive an authorization in an email to the same domain of the certificate created. The problem is that my site does not have its own domain, but the domain of Azure: http://exemplo.azurewebsites.net.

How do I resolve this? How do I create a Free SSL certificate for an Azure domain?

email certified ssl windows-azure domain

  • I found a Site that generates SSL Certificate where the confirmation email can be from Gmail: https://www.startssl.com/ however at the moment is giving the following message: Over Capacity

2 answers

2


Oops, I did a post exactly Sober this a while ago!

http://luisrudge.net/configurando-ssl-com-seu-dominio-no-azure-websites/

Below is the transcript of the post.

In this example, I will use a free SSL from Start SSL.

Registration on the "Startssl"

To start, we’ll sign up for "Startssl".

Registration form http://luisrudge.net/content/images/2013/Nov/1_1.png Sign up for the site

Code confirmation http://luisrudge.net/content/images/2013/Nov/2-1.png Confirm the code received by e-mail

Continue http://luisrudge.net/content/images/2013/Nov/3-1.png Continue

Install certificate on the http://luisrudge.net/content/images/2013/Nov/4-1.pngmachine Install the certificate on your machine

Certificate installed http://luisrudge.net/content/images/2013/Nov/5-1.png Certificate installed

Choosing an SSL domain

Now that we have the certificate on our machine, we can add domains to our account. This is where money makes the difference. Free Startssl, do a check much basic and therefore not the most reliable SSL in the world.

The amount you pay to register an SSL is mainly proportional to two factors:

  • Rigidity in confirming your data as domain owner
  • Financial guarantee that the supplier gives you if you have financial loss with some security failure with the SSL provided

Come on!

Enter domain http://luisrudge.net/content/images/2013/Nov/6-1.png Enter the domain

Confirmation by e-mail http://luisrudge.net/content/images/2013/Nov/7.png Choose your registration email

Code confirmation http://luisrudge.net/content/images/2013/Nov/8.png Again, confirm the code received by e-mail

Confirmation of authentication http://luisrudge.net/content/images/2013/Nov/9.png Continue

Creating the private key

After "confirming" that you own the domain, create your private key.

Create private key http://luisrudge.net/content/images/2013/Nov/10.png Enter a password to create a private key

Save private key http://luisrudge.net/content/images/2013/Nov/11.png Save the private key

Creating the certificate

After creating the private key, you need to create the certificate itself.

Choose the domain http://luisrudge.net/content/images/2013/Nov/12.png Choose the domain

Choose subdomain http://luisrudge.net/content/images/2013/Nov/13.png Choose the subdomain

Confirmation of data http://luisrudge.net/content/images/2013/Nov/14.png Confirm the data and continue

Copy or save certificate http://luisrudge.net/content/images/2013/Nov/15.png Save the certificate

Generating . pfx for Azure

With the certificate in hand, we now need a file to import into IIS (Azure or not).

Decrypt the private key http://luisrudge.net/contentimages/2013/Nov/16.png Decrypt the private key with your password

Copy key http://luisrudge.net/content/images/2013/Nov/17.png Copy the decrypted key

Generate PFX http://luisrudge.net/content/images/2013/Nov/18.png Enter the decrypted key, certificate and your password

PFX generated http://luisrudge.net/content/images/2013/Nov/19.png Save and rename the file from . P12 to . pfx

Setting up the Azure Website

Ready! Now let’s go to Azure to configure what is needed.

To be able to use SSL, you need to upgrade to Standard mode. Only this would increase the value to maintain the site, but still has more. To use SSL on Azure Websites, the cost is $9/month.

But that’s it, if we want to offer security to users, we have to implement SSL. Bora!

Upgrade to Standard http://luisrudge.net/content/images/2013/Nov/1.png Upgrade to Standard Mode

Load a certificate http://luisrudge.net/content/images/2013/Nov/2.png Click 'Load a certificate'

Load a certificate http://luisrudge.net/content/images/2013/Nov/3.png Upload the . pfx file

Don’t forget the expiration date http://luisrudge.net/contentimages/2013/Nov/4.png Don’t forget the expiration date!

Associate SSL endpoints http://luisrudge.net/content/images/2013/Nov/5.png Associate certificate SSL endpoints

Ready :) http://luisrudge.net/content/images/2013/Nov/6.png Ready :)

  • 1

    develops your answer. This link may be disabled for some reason, and the answer is invalid.

  • I don’t really agree with that, since the answer gets too big and the blog is mine, but it’s there. Thanks.

0

Using Let’s Encrypt (I did step by step today - 25/06/2018 - and it works!)

The step by step below works when you create a Linux Webapp on Azure.

If your Webapp is Windows you can create a temporary Linux, configure the domains that will receive the certificates and then delete this temporary Webapp and configure the domains in the official Webapp and add the certificates in it.

  1. Add Custom Domains in the Azure portal.
  2. Open SSH interface in Azure

  3. Execute commands below:

    su root

    cd /home

    apt-get update

    apt-get install git

    git clone https://github.com/letsencrypt/letsencrypt

    cd /home/letsencrypt

    ./letsencrypt-auto certonly

  4. Inform these parameters in Let’s Encrypt that has been opened

    Authenticate: 3 Place files in webroot directory (webroot)

    Enter email address: your email

    Terms of Service: A

    Share your email: N

    Your Domain name: dominio.com.br www.dominio.com.br

    Input the webroot: /home/site/wwwroot

    Select the webroot: 2

  5. Execute commands below:

    apt-get install p7zip-full

    cd /etc/letsencrypt/live/dominio.com.br

    mkdir /home/site/wwwroot/cert

    cp * /home/site/wwwroot/cert

    cd /home/site/wwwroot/cert

    7z to cert.zip *

  6. Download the certificate files generated in http://dominio.com/cert/cert.zip

  7. Execute commands below:

    rm -Rf /home/site/wwwroot/cert/

  8. Unzip the files.

  9. Access: https://www.sslshopper.com/ssl-converter.html and informed:

    Certificate File to Convert: cert.pem

    Type of Current Certificate: Standard PEM

    Type To Convert To: PFX/PKCS#12

    Private Key File: privkey.pem

    Chain Certificate File (optional): chain.pem

    Chain Certificate File 2 (optional): fullchain.pem

    PFX Password: a-password

  10. Click "Convert Certificate" and save the file

  11. In the Azure port, go to SSL Settings. Configure as below:

    Load Certificate: cert.pfx

    Add membership: for each domain, choose the certificate and SSL SNI type

Browser other questions tagged email certified ssl windows-azure domain

You are not signed in. Login or sign up in order to post.