Geek Answers Handbook

Multiple SSL certificates in one azure deployment

I have a problem similar (but not the same) as mine:
Azure web role - multiple ssl certificates pointing to one endpoint

My azure package contains several sites. Some of these sites are on the abc domain, while others are on the def domain. I need to protect both domains with SSL, but I can’t figure out how (if possible) to do this.

Here is an example of my configuration:

<Sites> <Site name="sub1.abc" physicalDirectory="***"> <Bindings> <Binding name="HttpIn" endpointName="HttpIn" hostHeader="sub1-staging.abc.com" /> <Binding name="HttpsInABC" endpointName="HttpsInABC" hostHeader="sub1.abc.com" /> </Bindings> </Site> <Site name="sub1.def" physicalDirectory="***"> <Bindings> <Binding name="HttpIn" endpointName="HttpIn" hostHeader="sub1-staging.def.com" /> <Binding name="HttpsInDEF" endpointName="HttpsInDEF" hostHeader="sub1.def.com" /> </Bindings> </Site> </Sites> <Endpoints> <InputEndpoint name="HttpIn" protocol="http" port="80" /> <InputEndpoint name="HttpsInABC" protocol="https" port="443" certificate="abc" /> <InputEndpoint name="HttpsInDEF" protocol="https" port="443" certificate="def" /> </Endpoints> <Certificates> <Certificate name="abc" storeLocation="LocalMachine" storeName="My" /> <Certificate name="def" storeLocation="LocalMachine" storeName="My" /> </Certificates>

This configuration gives me the following error:

The same local port "443" is assigned to the HttpsInABC and HttpsInDEF endpoints as ***.

Any suggestions on how I can get around this without having to post them separately?



Based on @JoelDSouza's answer:

Various ports will be used for you.

What are the implications of SSL for ports 444/445/446, etc. on windows azure?

+7
source share
4 answers

You can use multiple SSL certificates and add them all to one endpoint, automating the process of installing certificates on a machine and adding HTTPS bindings to IIS.

IIS 8 (Windows Server 2012) supports SNI, which allows you to add a "hostheader" to the HTTPS binding.

I am a Microsoft technical technical consultant, and I posted a detailed explanation and sample plug and play source code: http://www.vic.ms/microsoft/windows-azure/multiples-ssl-certificates-on-windows-azure-cloud -services /

+3
source

I’m afraid that you’re out of luck - as indicated in the article you contacted, one SSL certificate for the server IP address. I assume that by placing them separately (which seems strange when you consider that it is cloud based), you will get two IP addresses and, therefore, you can add an SSL certificate to each IP address.

Perhaps you can move everything to one domain and use folders in this domain to host individual sites - this is the only way to protect all your SSL certificates without two hosting packages: i.e. instead:

www.domain1.com and www.domain2.com use www.mydomain.com/domain1/ and www.mydomain.com/domain2/

+2
source

Will different ports be used for you? You can use SSL cert 1 with myapp.cloudapp.net:443 and SSL cert 2 with myapp.cloudapp.net:8443

0
source

If you do not need wildcard certificates, you can use a multi-domain certificate. Thus, you only need one certificate. The disadvantage is that each subdomain must be specified, which can become expensive if you have a lot.

0
source

More articles:


All Articles