Azure web role - Multiple ssl certs pointing to a single endpoint

Question

Is there a way I can have multiple ssl certificates point to a single inputendpoint in a service definition? For example, lets say I have two url\'s.

service.foo.ne

Answer 1

This post indicates you will need a "multi domain certificate", which seems to be a certificate that can match multiple DNS names in step 5 of Igor's answer. I have not tried it, but presumably this certificate can be uploaded to Azure in the usual way.

Answer 2

Unfortunately this is not possible. Azure is re-exposing an SSL limitation. The SSL limitation is interesting, and the reason you can't use v-hosts over SSL. Lets walk through an example:

1. You connect to https://ig2600.blogspot.com
2. That resolves to some ip address - say 8.8.8.8
3. Your browser now connects to 8.8.8.8
4. 8.8.8.8 must preset a certificate before your browser will send any data
5. the browser verifies the ceritificate presented is for ig2600.blogspot.com
6. You send the http request, which contains your domain name.

Since the server needs to present a certificate before you tell it the host name you want to talk to, the server can't know which certificate to use if multiple are present, thus you can only have a single cert.

Answer 3

"Oliver Bock"'s answer may work for you and "Igor Dvorkin"'s answer is not valid anymore since IIS 8 with Windows Server 2012 supports SNI, which enables you to add a "hostheader" to HTTPS bindings and having multiple SSL certificates to different domains listening to the same HTTPS port.

You need to automate the process of installing the certificates on the machine and add HTTPS bindings to IIS.

I'm a Microsoft Technical Evangelist and I have posted a detailed explanation and a sample "plug & play" source-code at: http://www.vic.ms/microsoft/windows-azure/multiples-ssl-certificates-on-windows-azure-cloud-services/