发表新帖
发表新帖

Does Azure offer https for “cloudapp.net”?

前端 未结
关注
4 2072
北海茫月
北海茫月 2021-02-02 09:29

One great advantage of using Azure Websites is that I can get secure HTTP (HTTPS) without doing nothing: I simply type https://xyz.azurewebsites.

相关标签:
4条回答
  • 遇见更好的自我
    2021-02-02 10:14

    I would walk through the documentation listed here: http://azure.microsoft.com/en-us/documentation/articles/cloud-services-configure-ssl-certificate/

    0 讨论(0)
  • [愿得一人]
    2021-02-02 10:20

    Since you're getting a timeout with HTTPS (rather than a certificate error), check that you have a HTTPS endpoint defined in ServiceDefinition.csdef.

    Additionally, be aware that the redirect-to-subdomain approach isn't much more secure than using a self-signed certificate. The reason browsers reject self-signed certs is that they are vulnerable to spoofing attacks: a user can't detect if an attacker has, for example, hijacked the DNS to point to his IP address instead of yours, where he hosts a facade of your site that just collects passwords or whatever.

    In your scenario, the cloned site could redirect to another a second clone, one that is a facade of your cloudapp.net site. It could be even be secured with the attacker's SSL certificate. Unless the user was trained to recognize the host name of the real cloudapp.net, she wouldn't know she was on the attacker's "secure" site.

    0 讨论(0)
  • 慢半拍i
    2021-02-02 10:24

    No. HTTPS is not offered for .cloudapp.net domain as of today. Also since you don't own .cloudapp.net domain, I don't think you can buy a SSL certificate for that. If you want you could create a self-signed certificate and use that.

    0 讨论(0)
  • 走了就别回头了
    2021-02-02 10:26

    ** Update: This method is not valid as well, we got the certificate revoked after one week using it **

    We use this approach for staging/dev servers:

    If you don't want to use a self-signed certificate, one option is to purchase a cheap SSL certificate, e.g.:

    https://www.ssls.com/comodo-ssl-certificates/positivessl.html

    Then once you need to approve it you have to ask support to change the approver validation process: instead of sending an email to a admin@mydomain.cloudapp.net you can ask to change the validation process to placing a given file with a given file in the root of your website (you have to ask in the support / chat room about that option).

    More info:

    https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/791/16/alternative-methods-of-domain-control-validation-dcv

    0 讨论(0)
 看不清?
提交回复
热议问题