One great advantage of using Azure Websites is that I can get secure HTTP (HTTPS) without doing nothing: I simply type https://xyz.azurewebsites.net and it works. I don't have to worry about certificates because I use the subdomain that Azure gives me (in the example it would be xyz)
使用Azure网站的一个巨大优势是我可以获得安全的HTTP(HTTPS)而不会做任何事情:我只需键入https://xyz.azurewebsites.net即可。我不必担心证书,因为我使用Azure给我的子域(在示例中它将是xyz)
So, what I usually do is that people come by through some registered domain I have, eg. http://www.my-application-homepage.com, and there, if they want to use my application, I redirect them to the subdomain at azurewebsites.net, using HTTPS.
所以,我通常做的是人们来自我所拥有的一些注册域名,例如。 http://www.my-application-homepage.com,如果他们想要使用我的应用程序,我会使用HTTPS将它们重定向到azurewebsites.net的子域名。
Now, having said that:
I'm in need of upgrading to Azure Cloud Services or Azure Virtual Machines, because these have capabilities that Azure Websites don't . These two also offer a free subdomain: xyz.cloudapp.net, but my question is: will I get HTTPS there too? and how?
现在,我已经说过:我需要升级到Azure云服务或Azure虚拟机,因为这些功能Azure网站没有。这两个还提供了一个免费的子域:xyz.cloudapp.net,但我的问题是:我也会在那里获得HTTPS吗?如何?
I searched in google for some cloudapp examples and what I tested was the following:
我在谷歌搜索了一些cloudapp示例,我测试的是以下内容:
1) Connect through HTTP (ie. type http://xyz.cloudapp.net). Result: worked
1)通过HTTP连接(即类型http://xyz.cloudapp.net)。结果:工作
2) Connect through HTTPS (ie. type https://xyz.cloudapp.net). Result: didn't work (chrome gave ERR_CONNECTION_TIMED_OUT)
2)通过HTTPS连接(即键入https://xyz.cloudapp.net)。结果:不起作用(chrome给出了ERR_CONNECTION_TIMED_OUT)
4 个解决方案
#1
13
No. HTTPS is not offered for .cloudapp.net domain as of today. Also since you don't own .cloudapp.net domain, I don't think you can buy a SSL certificate for that. If you want you could create a self-signed certificate and use that.
不会。截至今天,.cloudapp.net域名不提供HTTPS。此外,由于您没有.cloudapp.net域名,我认为您不能为此购买SSL证书。如果您愿意,可以创建自签名证书并使用它。
#2
5
I would walk through the documentation listed here: http://azure.microsoft.com/en-us/documentation/articles/cloud-services-configure-ssl-certificate/
我将介绍此处列出的文档:http://azure.microsoft.com/en-us/documentation/articles/cloud-services-configure-ssl-certificate/
#3
1
Since you're getting a timeout with HTTPS (rather than a certificate error), check that you have a HTTPS endpoint defined in ServiceDefinition.csdef.
由于您使用HTTPS获得超时(而不是证书错误),请检查您是否在ServiceDefinition.csdef中定义了HTTPS端点。
Additionally, be aware that the redirect-to-subdomain approach isn't much more secure than using a self-signed certificate. The reason browsers reject self-signed certs is that they are vulnerable to spoofing attacks: a user can't detect if an attacker has, for example, hijacked the DNS to point to his IP address instead of yours, where he hosts a facade of your site that just collects passwords or whatever.
此外,请注意,重定向到子域方法不比使用自签名证书安全。浏览器拒绝自签名证书的原因是它们容易受到欺骗攻击:用户无法检测攻击者是否有劫持DNS指向他的IP地址而不是你的IP地址您的网站只收集密码或其他任何东西。
In your scenario, the cloned site could redirect to another a second clone, one that is a facade of your cloudapp.net site. It could be even be secured with the attacker's SSL certificate. Unless the user was trained to recognize the host name of the real cloudapp.net, she wouldn't know she was on the attacker's "secure" site.
在您的方案中,克隆的站点可以重定向到另一个克隆,一个是您的cloudapp.net站点的外观。甚至可以使用攻击者的SSL证书来保护它。除非用户经过培训才能识别真正的cloudapp.net的主机名,否则她不会知道她是在攻击者的“安全”网站上。
#4
0
** Update: This method is not valid as well, we got the certificate revoked after one week using it **
**更新:此方法也无效,我们在使用一周后取消了证书**
We use this approach for staging/dev servers:
我们将此方法用于登台/ dev服务器:
If you don't want to use a self-signed certificate, one option is to purchase a cheap SSL certificate, e.g.:
如果您不想使用自签名证书,一种选择是购买便宜的SSL证书,例如:
https://www.ssls.com/comodo-ssl-certificates/positivessl.html
https://www.ssls.com/comodo-ssl-certificates/positivessl.html
Then once you need to approve it you have to ask support to change the approver validation process: instead of sending an email to a admin@mydomain.cloudapp.net you can ask to change the validation process to placing a given file with a given file in the root of your website (you have to ask in the support / chat room about that option).
然后,一旦您需要批准它,您必须要求支持人员更改批准者验证过程:您可以要求将验证过程更改为将给定文件与给定文件放在一起,而不是向admin@mydomain.cloudapp.net发送电子邮件在您的网站的根目录(您必须在支持/聊天室询问该选项)。
More info:
更多信息:
https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/791/16/alternative-methods-of-domain-control-validation-dcv
#1
13
No. HTTPS is not offered for .cloudapp.net domain as of today. Also since you don't own .cloudapp.net domain, I don't think you can buy a SSL certificate for that. If you want you could create a self-signed certificate and use that.
不会。截至今天,.cloudapp.net域名不提供HTTPS。此外,由于您没有.cloudapp.net域名,我认为您不能为此购买SSL证书。如果您愿意,可以创建自签名证书并使用它。
#2
5
I would walk through the documentation listed here: http://azure.microsoft.com/en-us/documentation/articles/cloud-services-configure-ssl-certificate/
我将介绍此处列出的文档:http://azure.microsoft.com/en-us/documentation/articles/cloud-services-configure-ssl-certificate/
#3
1
Since you're getting a timeout with HTTPS (rather than a certificate error), check that you have a HTTPS endpoint defined in ServiceDefinition.csdef.
由于您使用HTTPS获得超时(而不是证书错误),请检查您是否在ServiceDefinition.csdef中定义了HTTPS端点。
Additionally, be aware that the redirect-to-subdomain approach isn't much more secure than using a self-signed certificate. The reason browsers reject self-signed certs is that they are vulnerable to spoofing attacks: a user can't detect if an attacker has, for example, hijacked the DNS to point to his IP address instead of yours, where he hosts a facade of your site that just collects passwords or whatever.
此外,请注意,重定向到子域方法不比使用自签名证书安全。浏览器拒绝自签名证书的原因是它们容易受到欺骗攻击:用户无法检测攻击者是否有劫持DNS指向他的IP地址而不是你的IP地址您的网站只收集密码或其他任何东西。
In your scenario, the cloned site could redirect to another a second clone, one that is a facade of your cloudapp.net site. It could be even be secured with the attacker's SSL certificate. Unless the user was trained to recognize the host name of the real cloudapp.net, she wouldn't know she was on the attacker's "secure" site.
在您的方案中,克隆的站点可以重定向到另一个克隆,一个是您的cloudapp.net站点的外观。甚至可以使用攻击者的SSL证书来保护它。除非用户经过培训才能识别真正的cloudapp.net的主机名,否则她不会知道她是在攻击者的“安全”网站上。
#4
0
** Update: This method is not valid as well, we got the certificate revoked after one week using it **
**更新:此方法也无效,我们在使用一周后取消了证书**
We use this approach for staging/dev servers:
我们将此方法用于登台/ dev服务器:
If you don't want to use a self-signed certificate, one option is to purchase a cheap SSL certificate, e.g.:
如果您不想使用自签名证书,一种选择是购买便宜的SSL证书,例如:
https://www.ssls.com/comodo-ssl-certificates/positivessl.html
https://www.ssls.com/comodo-ssl-certificates/positivessl.html
Then once you need to approve it you have to ask support to change the approver validation process: instead of sending an email to a admin@mydomain.cloudapp.net you can ask to change the validation process to placing a given file with a given file in the root of your website (you have to ask in the support / chat room about that option).
然后,一旦您需要批准它,您必须要求支持人员更改批准者验证过程:您可以要求将验证过程更改为将给定文件与给定文件放在一起,而不是向admin@mydomain.cloudapp.net发送电子邮件在您的网站的根目录(您必须在支持/聊天室询问该选项)。
More info:
更多信息:
https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/791/16/alternative-methods-of-domain-control-validation-dcv