26

One great advantage of using Azure Websites is that I can get secure HTTP (HTTPS) without doing anything: I simply type https://xyz.azurewebsites.net and it works. I don't have to worry about certificates because I use the subdomain that Azure gives me (in the example it would be xyz).

So, what I usually do is that people come by through some registered domain I have, e.g. http://www.my-application-homepage.com, and there, if they want to use my application, I redirect them to the subdomain at azurewebsites.net, using HTTPS.

Now, having said that:
I'm in need of upgrading to Azure Cloud Services or Azure Virtual Machines, because these have capabilities that Azure Websites don't. These two also offer a free subdomain: xyz.cloudapp.net, but my question is: will I get HTTPS there too? And how?

I searched Google for some cloudapp examples and what I tested was the following:

1) Connect through HTTP (i.e. type http://xyz.cloudapp.net). Result: worked

2) Connect through HTTPS (i.e. type https://xyz.cloudapp.net). Result: didn't work (Chrome gave ERR_CONNECTION_TIMED_OUT)

sports

4 Answers

15

No. HTTPS is not offered for the .cloudapp.net domain as of today. Also, since you don't own the .cloudapp.net domain, I don't think you can buy an SSL certificate for that. If you want, you could create a self-signed certificate and use that.

Gaurav Mantri
  • You may want to add a comment about it not working for Cert Authority issued certs, but allowed for self-signed certs per charlierlee's answer. As it is some people come here searching for how to use SSL for development purposes only, and may go away with the wrong impression. – Joshua Drake Oct 14 '15 at 18:37
  • Can you explain why this url is able to make the HTTPS work? https://myskillsuat.cloudapp.net/ I supposed he is buying the cert from CA? – zeroflaw Mar 15 '17 at 10:18
  • Probably you can configure custom domain with cloudapp.net and then purchase SSL for your custom domain. – Muhammad Ummar Nov 24 '17 at 12:08
  • @Muhammad Ummar....I don’t think it’s possible because you can’t own cloudapp.net domain as it is owned by Microsoft. – Gaurav Mantri Nov 24 '17 at 12:27
  • @GauravMantri, but we can configure a custom domain with our app service. That's what I meant to say. – Muhammad Ummar Jan 23 '18 at 10:23
  • @MuhammadUmmar That is certainly possible but I don't think that's what OP is after. – Gaurav Mantri Jan 23 '18 at 11:18
  • Looks like some people somehow obtained SSL certificates for their cloudapp.net subdomains: https://msrprograms.cloudapp.net/User/Login, https://timessg.cloudapp.net/SAAS/Login.aspx – Vlad Rudenko Jul 25 '19 at 21:38
6

I would walk through the documentation listed here: http://azure.microsoft.com/en-us/documentation/articles/cloud-services-configure-ssl-certificate/

charlierlee
  • You may want to note that the article covers both certs for development which can be used on .cloudapp.net and using a Cert Authority one for a custom domain. – Joshua Drake Oct 14 '15 at 18:34
  • The article says: You cannot obtain a TLS/SSL certificate from a certificate authority (CA) for the cloudapp.net domain. – f01 Aug 04 '20 at 21:01
1

Since you're getting a timeout with HTTPS (rather than a certificate error), check that you have an HTTPS endpoint defined in ServiceDefinition.csdef.

Additionally, be aware that the redirect-to-subdomain approach isn't much more secure than using a self-signed certificate. The reason browsers reject self-signed certs is that they are vulnerable to spoofing attacks: a user can't detect if an attacker has, for example, hijacked the DNS to point to his IP address instead of yours, where he hosts a facade of your site that just collects passwords or whatever.

In your scenario, the cloned site could redirect to a second clone, one that is a facade of your cloudapp.net site. It could even be secured with the attacker's SSL certificate. Unless the user was trained to recognize the host name of the real cloudapp.net, she wouldn't know she was on the attacker's "secure" site.

Edward Brey
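
The check suggested in this answer, as an added example that is not part of the original post: a Python script that inspects a ServiceDefinition.csdef for an HTTPS InputEndpoint, the certificate it references and its site binding. The role, endpoint and certificate names in the embedded samples are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"sd": "http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition"}

# Constructed sample csdef: role, endpoint and certificate names are made up.
CSDEF_TEMPLATE = """<ServiceDefinition name="Demo"
    xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
  <WebRole name="WebRole1">
    <Sites><Site name="Web"><Bindings>
      <Binding name="HttpIn" endpointName="HttpIn" />{binding}
    </Bindings></Site></Sites>
    <Endpoints>
      <InputEndpoint name="HttpIn" protocol="http" port="80" />{endpoint}
    </Endpoints>{certs}
  </WebRole>
</ServiceDefinition>"""

# HTTP-only definition, matching the symptom in the question (HTTP works, HTTPS times out).
HTTP_ONLY = CSDEF_TEMPLATE.format(binding="", endpoint="", certs="")
# Same definition with an HTTPS endpoint, its binding and its certificate declared.
WITH_HTTPS = CSDEF_TEMPLATE.format(
    binding='<Binding name="HttpsIn" endpointName="HttpsIn" />',
    endpoint='<InputEndpoint name="HttpsIn" protocol="https" port="443" certificate="DemoCert" />',
    certs='<Certificates><Certificate name="DemoCert" storeLocation="LocalMachine" storeName="My" /></Certificates>',
)

def https_findings(csdef_xml):
    """Return a list of problems that keep a web role from serving HTTPS."""
    root = ET.fromstring(csdef_xml)
    findings = []
    for role in root.findall("sd:WebRole", NS):
        name = role.get("name")
        https = [e for e in role.findall("sd:Endpoints/sd:InputEndpoint", NS)
                 if e.get("protocol") == "https"]
        if not https:
            findings.append(f"{name}: no https InputEndpoint declared")
            continue
        certs = {c.get("name") for c in role.findall("sd:Certificates/sd:Certificate", NS)}
        bound = {b.get("endpointName") for b in role.findall(".//sd:Binding", NS)}
        for ep in https:
            if ep.get("certificate") not in certs:
                findings.append(f"{name}: endpoint {ep.get('name')} references an undeclared certificate")
            if ep.get("name") not in bound:
                findings.append(f"{name}: endpoint {ep.get('name')} has no site Binding")
    return findings

if __name__ == "__main__":
    for label, doc in (("http-only", HTTP_ONLY), ("with-https", WITH_HTTPS)):
        print(label, https_findings(doc) or "ok")
```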
0

**Update: This method is not valid as well, we got the certificate revoked after one week using it**

We use this approach for staging/dev servers:

If you don't want to use a self-signed certificate, one option is to purchase a cheap SSL certificate, e.g.:

https://www.ssls.com/comodo-ssl-certificates/positivessl.html

Then once you need to approve it you have to ask support to change the approver validation process: instead of sending an email to an admin@mydomain.cloudapp.net you can ask to change the validation process to placing a given file with a given file in the root of your website (you have to ask in the support / chat room about that option).

More info:

https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/791/16/alternative-methods-of-domain-control-validation-dcv

Braulio
  • Just a heads up, I've tried this method with a prefix.cloudapp.net, and Comodo refused to issue a certificate, citing a brand validation error. – Raz Apr 20 '15 at 23:17
  • That said, thanks for the heads up about ssls.com - brilliant value for money! – Raz Apr 20 '15 at 23:33
  • Hi Raz, you are totally right, sorry I forgot to update this, after a week using the certificate we got it revoked :-( – Braulio Apr 21 '15 at 07:40
  • Try Symantec. They'll issue anything to anyone. https://boingboing.net/2015/11/01/chrome-wont-trust-symantec-b.html – bzlm Nov 03 '15 at 07:58