Configuring the SSL in Windows Azure - deployment

I'm new to Windows Azure. I've browsed the web but am stuck at the moment. Here is my problem.
I've deployed a web role and uploaded a certificate. I also configured the domain name.
In the control panel the certificate name is *.mydomain.com. My website responds to mysubdomain.mydomain.com. In the properties of my Azure project, in the Certificates tab, I added a certificate with the name Mydomain and copy-pasted the thumbprint of my certificate from the control panel.
Then in the Endpoints tab I added an endpoint
Name: Endpoint2
Type: Input
Public port: 8080
Certificate: Mydomain (the one I recently added)
Then I published the project via Visual Studio.
But it doesn't open via https. What am I missing?

I've solved the issue. I had to change the public port from 8080 to 443 and everything worked fine.

Related

Microsoft Azure App Service Managed Certificates: binding with and without "www"

I was able to create an App Service Managed Certificate for my Azure Web App with the domain www.mydomain.com, and bound it to www.mydomain.com, but of course it still shows mydomain.com as insecure, so I go back to "Create App Service Managed Certificate" to create another for mydomain.com, but it says "A certificate has already been issued to this domain". So how do I secure mydomain.com?
After some research, unless I'm missing something, it seems the App Service Managed Certificate cannot be bound to a naked domain, which makes no sense to me. Why would anyone want a cert that protects www.mydomain.com but not mydomain.com?

Setting up clientCredentials Endpoint Behaviour on WCF-Custom Send Adapter

I am trying to wrap my head around how this should be set up correctly. I have two certificates, a client certificate and a service certificate. I've placed these in the MMC, on the service account for the host instance that handles the send port. So the client certificate is placed in the Personal folder and the service certificate is placed in the Trusted People folder.
I've tried using several "Find" methods to locate these certificates, such as thumbprint and serial number, but I always get a "Certificate not found" exception back.
My current settings on the adapter.
Client certificate:
Service certificate:
My settings for Authentication:
SSL Certificate Authentication settings:
What is the correct way to add the certificates to the different stores, so that they can be located by BizTalk? I've found the MSDN documentation on the topic, but it doesn't really provide any answers: https://learn.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/wcf/clientcertificate-of-clientcredentials-element
You have to be logged in as the BizTalk Service Account to manage Certificates. Run As doesn't typically work.
Other than that, the instructions should be correct.

Using FtpWebRequest in Powershell to access Filezilla server with certificate

I am trying to access a Filezilla Server using FtpWebRequest in Powershell, like this:
$ftprequest = [System.Net.FtpWebRequest]::Create($sourceuri)
$ftprequest.Method = ([System.Net.WebRequestMethods+Ftp]::ListDirectoryDetails + " -a")
$ftprequest.Credentials = New-Object System.Net.NetworkCredential($username,$password)
$ftprequest.EnableSsl = $true
In Filezilla Server there is a "Generate New Certificate" which is what I used to create the certificate. This created a .crt file that Filezilla is pointing to for both the private key and certificate file.
The server is also configured with the options "Enable FTPS" and "Allow explicit FTP over TLS".
I am able to happily access the server using the Filezilla Client (although it warns that the server's certificate is unknown).
To access the server from a Powershell client, without getting complaints about the certificate, my understanding is the best thing to do is import the certificate on the client machine. I managed to do this by downloading the .crt file, manually stripping out the private key portion using Notepad, and then running:
Import-Certificate -FilePath .\filezillaCertificate.crt -CertStoreLocation cert:\CurrentUser\My
However, trying to connect using FtpWebRequest I still receive the error "The remote certificate is invalid according to the validation procedure."
Can anyone point me in the right direction?
This is not a PoSH issue. It is a pure PKI 101 (cert implementation) issue.
Self-signed certificates will always be considered untrusted in most cases, because there is no way to validate it, no public registered body for it and no public CRL (Certificate Revocation List / Authority) associated with it.
You cannot create a PKI cert for a remote location on your local machine. You must create the cert on the remote location, or buy a public cert and install it on the remote location certificate store. The public and private key must reside on the remote server / site. For any server / site, the certificate must be registered / issued to that server then manually assigned to a site (FTP/s, HTTP/s).
Then, you download the public cert from the destination and install that on your local machine. Normally installed to the local machine store. If you cannot download that public certificate and certificate chain using a browser, by clicking on the lock, after visiting the site, then you must request that the destination server/site owner send you the public cert for you to install locally. Again, normally installed to the local machine store.
I know your post is about a Filezilla server (Full Disclosure: I've never seen or used one), but the approach as shown in the articles below on setting up FTP over SSL on IIS should be similar.
FTP over SSL
The element specifies the FTP over Secure Sockets Layer (SSL)
settings for the FTP service; FTP over SSL was first introduced for
IIS 7 in FTP 7.0.
Unlike using HTTP over SSL, which requires a separate port and
connection for secure (HTTPS) communication, secure FTP communication
occurs on the same port as non-secure communication. FTP 7 supports
two different forms of FTP over SSL:
https://learn.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/site/ftpserver/security/ssl
https://learn.microsoft.com/en-us/iis/publish/using-the-ftp-service/using-ftp-over-ssl-in-iis-7
Update to find the FileZilla SSL guidance
Install a SSL certificate on FileZilla FTP Server
https://www.tbs-certificates.co.uk/FAQ/en/FileZilla_FTP_Server.html
Installing a certificate on an OpenSSL-based server is really similar
to doing so on Apache: Install an Apache certificate, except that
the instructions indicating the path to the files are not the same!
For FTP FileZilla server, via the interface: FileZilla Server
Option -> SSL/TLS settings:
• import the private key (.key file generated along with the CSR) in "Private key file".
• import the certificate and the certification chain in the same file:
  1) on your certificate status page, download the "file.cer" file and the certification chain "chain-xxx.txt"
  2) concatenate those two files into one
  3) import the file in "Certificate file"
How to connect FTP over SSL/TLS in FileZilla?
Create Site
Go to File >> Site Manager >> New Site.
Following are the required details to fill up.
• Host: Enter Hostname (i.e. ftp.yourdomain.com) or IP address which we have sent in Welcome e-mail.
• Port: 21 (Default FTP port is 21, you can also keep it blank).
• Protocol: FTP - File Transfer Protocol.
• Encryption: Select Required explicit FTP over TLS from dropdown list.
• Logon Type: Select Normal from the dropdown list.
• User: Your FTP username.
• Password: Your FTP Password.
https://manage.accuwebhosting.com/knowledgebase/761/How-to-connect-FTP-over-SSLorTLS-in-FileZilla.html
The FileZilla wiki also talks about how to do the SSL implementation.
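A way to see why the import into `cert:\CurrentUser\My` in the question does not make the certificate trusted, as an added example that is not part of the original posts. `Get-CertTrustReport` and the host name `ftp.example.test` are hypothetical, the sample certificate is constructed in memory, and the script assumes Windows with .NET Framework 4.7.2 or later (or PowerShell 7).

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Hypothetical helper (not from the thread): reports how Windows judges a server certificate.
function Get-CertTrustReport {
    param(
        [Parameter(Mandatory)] [X509Certificate2] $Certificate,
        [Parameter(Mandatory)] [string] $HostName   # host part of the ftp:// URI
    )
    # Build the chain against the Windows trust stores, skipping revocation lookups.
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($Certificate)

    # Which stores already hold this exact certificate (Windows Cert: provider)?
    $stores = foreach ($path in 'CurrentUser\My', 'CurrentUser\Root', 'LocalMachine\Root') {
        if (Test-Path "Cert:\$path\$($Certificate.Thumbprint)") { $path }
    }

    # First DNS name from the SAN, or the CN if there is no SAN.
    # Simplified comparison: no wildcard or multi-SAN handling.
    $dnsName = $Certificate.GetNameInfo([X509NameType]::DnsName, $false)

    [pscustomobject]@{
        Subject      = $Certificate.Subject
        ChainTrusted = $chainOk
        ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        FirstDnsName = $dnsName
        NameMatches  = ($dnsName -eq $HostName)
        FoundIn      = $stores -join ', '
    }
}

# Constructed sample: a throwaway self-signed certificate, created in memory only.
$key  = [RSA]::Create(2048)
$req  = [CertificateRequest]::new('CN=ftp.example.test', $key,
            [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$cert = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1),
                              [DateTimeOffset]::Now.AddDays(30))

Get-CertTrustReport -Certificate $cert -HostName 'ftp.example.test'

# To check the exported server certificate from the question instead:
# $cert = [X509Certificate2]::new((Resolve-Path .\filezillaCertificate.crt).Path)
```

A self-signed certificate that sits only in a `My` store reports `UntrustedRoot`, because `My` holds personal certificates and is not a trust anchor; the status clears once the public certificate is in a `Root` store (for example `Cert:\LocalMachine\Root`, which needs elevation). The name in the certificate must also match the host in the FTP URI, which is a separate cause of the same "remote certificate is invalid" error.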

Installing Wildcard SSL Certificate on Azure VM

I'm developing an application on Azure VM and would like to secure it by using the wildcard SSL certificate that I'm already using with my main domain. The SSL cert works with any *.mydomain.com and the application on Azure VM is accessible through myapplication.cloudapp.net
Based on the research that I've done, CNAME should be the best option to do that (I can't use A record since we need to shutdown the VMs every week and turn them back on the next week and will lose the ip addresses).
My two questions are:
How can I have myapplication.cloudapp.net be shown as subdomain.mydomain.com?
Will doing that make it possible for wildcard SSL certificate to be used for Azure application too?
How can I have myapplication.cloudapp.net be shown as subdomain.mydomain.com?
Yes - this is just the CNAME forwarding and ensuring that the appropriate SSL certificate is installed on the server.
Will doing that make it possible for wildcard SSL certificate to be used for Azure application too?
Well, as you're already exposing the Application through the VM - this should happen seamlessly.
Just a word of caution, you mention that you're using the certificate on the main domain, but haven't mentioned where you're using this. Be aware that, out-of-the-box, you can only assign one SSL per HTTPS endpoint. You can enable multiple SSL certificates on an Endpoint for Azure / IIS using Server Name Identification, and this can be enabled directly or automatically. If you do take this route, remember to configure your SNI bindings first, then apply the default binding - it kinda screws up otherwise.

How can I redirect all http traffic to https

I am running Jenkins on squeeze through the default winstone container and I would like to redirect all calls to http://jenkins-server to https://jenkins-server. Is there a way I can do this without running Jenkins through apache, etc?
At the least, you need something that would sit on port 80 and redirect browsers to https://jenkins-server. Jenkins does not have this capability built-in.
See Jenkins command-line options at https://wiki.jenkins-ci.org/display/JENKINS/Starting+and+Accessing+Jenkins
First you have to generate a certificate (both public and private) for your Jenkins name (may be localhost) and import the public certificate into your browser. In parallel, host your Jenkins using the certificate you have generated (which may be in JKS format containing both public and private key).
For more info, refer to "Enable HTTPS in jenkins?"