问题
One great advantage of using Azure Websites is that I can get secure HTTP (HTTPS) without doing nothing: I simply type https://xyz.azurewebsites.net
and it works. I don't have to worry about certificates because I use the subdomain that Azure gives me (in the example it would be xyz
)
So, what I usually do is that people come by through some registered domain I have, eg. http://www.my-application-homepage.com
, and there, if they want to use my application, I redirect them to the subdomain at azurewebsites.net
, using HTTPS.
Now, having said that:
I'm in need of upgrading to Azure Cloud Services or Azure Virtual Machines, because these have capabilities that Azure Websites don't . These two also offer a free subdomain: xyz.cloudapp.net
, but my question is: will I get HTTPS there too? and how?
I searched in google for some cloudapp examples and what I tested was the following:
1) Connect through HTTP (ie. type http://xyz.cloudapp.net
). Result: worked
2) Connect through HTTPS (ie. type https://xyz.cloudapp.net
). Result: didn't work (chrome gave ERR_CONNECTION_TIMED_OUT
)
回答1:
No. HTTPS is not offered for .cloudapp.net
domain as of today. Also since you don't own .cloudapp.net
domain, I don't think you can buy a SSL certificate for that. If you want you could create a self-signed certificate and use that.
回答2:
I would walk through the documentation listed here: http://azure.microsoft.com/en-us/documentation/articles/cloud-services-configure-ssl-certificate/
回答3:
Since you're getting a timeout with HTTPS (rather than a certificate error), check that you have a HTTPS endpoint defined in ServiceDefinition.csdef
.
Additionally, be aware that the redirect-to-subdomain approach isn't much more secure than using a self-signed certificate. The reason browsers reject self-signed certs is that they are vulnerable to spoofing attacks: a user can't detect if an attacker has, for example, hijacked the DNS to point to his IP address instead of yours, where he hosts a facade of your site that just collects passwords or whatever.
In your scenario, the cloned site could redirect to another a second clone, one that is a facade of your cloudapp.net site. It could be even be secured with the attacker's SSL certificate. Unless the user was trained to recognize the host name of the real cloudapp.net, she wouldn't know she was on the attacker's "secure" site.
回答4:
** Update: This method is not valid as well, we got the certificate revoked after one week using it **
We use this approach for staging/dev servers:
If you don't want to use a self-signed certificate, one option is to purchase a cheap SSL certificate, e.g.:
https://www.ssls.com/comodo-ssl-certificates/positivessl.html
Then once you need to approve it you have to ask support to change the approver validation process: instead of sending an email to a admin@mydomain.cloudapp.net you can ask to change the validation process to placing a given file with a given file in the root of your website (you have to ask in the support / chat room about that option).
More info:
https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/791/16/alternative-methods-of-domain-control-validation-dcv
来源:https://stackoverflow.com/questions/20494005/does-azure-offer-https-for-cloudapp-net