Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Azure web role - Multiple ssl certs pointing to a single endpoint

Tags:

ssl

ssl-certificate

azure

Is there a way I can have multiple ssl certificates point to a single inputendpoint in a service definition? For example, lets say I have two url's.

service.foo.net/Service.svc

service.doo.net/Service.svc

I want both of these addresses to resolve to my windows azure service, but I'm not sure how to configure this in the service definition.

<Certificates>
   <Certificate name="service.foo.net" storeLocation="LocalMachine" storeName="My" />
   <Certificate name="service.doo.net" storeLocation="LocalMachine" storeName="My" />
  </Certificates>
  <Endpoints>
   <InputEndpoint name="HttpsIn" protocol="https" port="443" certificate="service.foo.net" />
  </Endpoints>

According to this MSDN article, each input endpoint must have a unique port. Is there any way to specify more than once certificate for this endpoint?

like image 610
Brosto Avatar asked Dec 16 '10 13:12

Brosto

People also ask

Can you have multiple SSL certificates for one domain?

You can install multiple SSL certificates on a domain, but first a word of caution. A lot of people want to know whether you can install multiple SSL certificates on a single domain. The answer is yes.

How do multi domain SSL certificates work?

A multi domain SSL certificate is a single certificate that covers multiple domains on a single IP. When it comes to the strength of encryption, a SAN or a UCC multi domain certificate uses the same encryption standards as the rest of the solutions offered by any trusted third-party certificate authority (CA).

Can you have multiple wildcard SSL certificates?

A multi-domain wildcard SSL certificate can also be used as a multi-level wildcard. Multi-domain wildcards use wildcard SANs, you can include an asterisk in them. So, using a multi-domain wildcard enables you to secure all the sites we listed above with just a few wildcard SANs — all on the same SSL certificate.

2 Answers

Unfortunately this is not possible. Azure is re-exposing an SSL limitation. The SSL limitation is interesting, and the reason you can't use v-hosts over SSL. Lets walk through an example:

  1. You connect to https://ig2600.blogspot.com
  2. That resolves to some ip address - say 8.8.8.8
  3. Your browser now connects to 8.8.8.8
  4. 8.8.8.8 must preset a certificate before your browser will send any data
  5. the browser verifies the ceritificate presented is for ig2600.blogspot.com
  6. You send the http request, which contains your domain name.

Since the server needs to present a certificate before you tell it the host name you want to talk to, the server can't know which certificate to use if multiple are present, thus you can only have a single cert.

like image 178
Igor Dvorkin Avatar answered Sep 18 '22 16:09

Igor Dvorkin

"Oliver Bock"'s answer may work for you and "Igor Dvorkin"'s answer is not valid anymore since IIS 8 with Windows Server 2012 supports SNI, which enables you to add a "hostheader" to HTTPS bindings and having multiple SSL certificates to different domains listening to the same HTTPS port.

You need to automate the process of installing the certificates on the machine and add HTTPS bindings to IIS.

I'm a Microsoft Technical Evangelist and I have posted a detailed explanation and a sample "plug & play" source-code at: http://www.vic.ms/microsoft/windows-azure/multiples-ssl-certificates-on-windows-azure-cloud-services/

like image 22
Vitor Ciaramella Avatar answered Sep 20 '22 16:09

Vitor Ciaramella
Sign in to Comment

Related questions

Swift iOS Client Certificate Authentication
Access local dev environment on a device and Charles Proxy and SSL?
How do you handle SSL in development?
Delphi: idHttp+SSL
How to get the java.security.PrivateKey object from RSA Privatekey.pem file?
Should data in an HTTPS request appear as encrypted in Chrome developer tools?
java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. Android 2.3
SSL operation failed with code 1: dh key too small
How to Install a Godaddy SSL Certificate on Google Cloud Platform
SNI client-side mystery using Java8
Amazon Certificate Manager gives LimitExceededException
ssl/asyncio: traceback even when error is handled
Using multiple SSL client certificates in Java with the same host
OpenSSL unable to get local issuer certificate unless CAfile is explicitly specified
MySQL SSL Remote Connection Error: Unable to get Private Key
What does this error mean in mariadb ssl :: ERROR 2026 (HY000): SSL connection error: SSL_CTX_set_default_verify_paths failed
I'm using .pfx certification in my node.js https server and I can't use 'passphrase' in option
How to add custom field to certificate using openssl
openssl / ctls trouble with vapor 2
SSL certificate pre-fetch .NET

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!