13

I am new in Windows Azure, previously I have used Amazon Web Services.

In AWS you can set a SSL certificate for a Load Balancer and use it in listeners, so you don't need to worry about that in the web server.

Is it possible to set a SSL certificate for an Azure VM endpoint?

RodrigoOlmo
  • 704
  • 1
  • 5
  • 10
  • Are you talking about Azure Virtual Machines or Cloud Services? Do you want to terminate SSL outside the actual VM? – Simon Opelt May 29 '14 at 13:37
  • 1
    Virtual Machines exists inside a Cloud Service, right? I want exactly what you said: terminate SSL outside the VM so the web server (Nginx) can handle the request as a regular HTTP request. – RodrigoOlmo May 29 '14 at 13:48
  • 1
    Virtual Machines (IaaS) and Cloud Services (PaaS) are distinct products. External SSL termination is not currently offered as a core product in azure. You could use a cloud service or VM to build your own load balancer/SSL endpoint, look at ARR or third party solutions for SSL termination in Azure. – Simon Opelt May 29 '14 at 13:52
  • Thank you @SimonOpelt, I will use a traditional web server running in a VM to handle this. – RodrigoOlmo May 29 '14 at 18:00

4 Answers4

6

Azure Load Balancer is a layer 4 device, so it can't do SSL termination.
You can use Azure Application Gateway which is a Layer 7 Load Balancer, and it can do SSL termination. see here: https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-ssl-portal

EDIT: I am trying to understand if you are in "classic" VMs or not. Reading your the comments to your question, you ask if Azure VMs are in "Cloud Services" which implies you are in "classic", but it is unclear if you ask this because you have read the wrong doc, or this is the implementation you have. Anyway is it very recommended you get off "classic" and work with modern VMs. Especially for new deployments.

itaysk
  • 5,852
  • 2
  • 33
  • 40
0

Loadbalancer comparation

AWS

Application Load Balancer - Layer 7 - HTTP, HTTPS
Network Load Balancer - layer 4 - TCP, UDP, TLS 
Classic - Layer 4/7 - HTTP/HTTPS(layer 7), TCP, SSL/TLS(layer 4)

Azure

Load Balancer - Layer 4 - TCP and UDP
Application Gateway - Layer 7 - HTTP, HTTPS(support SSL)
Daniel Delgado
  • 4,813
  • 5
  • 40
  • 48
-1

Yes you can

Please check the documentation here:

http://azure.microsoft.com/en-us/documentation/articles/cloud-services-configure-ssl-certificate/

Jordi
  • 2,789
  • 1
  • 20
  • 35
  • Thank you for your answer. But that is only for management certificates, or am I missing something? – RodrigoOlmo May 29 '14 at 13:44
  • I did not down-vote you but just wanted to add that the doc you liked to talked about Cloud Services, a "classic" component that Microsoft generally advise against for new deployments. – itaysk Jan 15 '17 at 08:28
-2

The Azure terminology is a little different from that of AWS. You can use the Azure Traffic Manager to offload TLS/SSL:

http://www.hanselman.com/blog/CloudPowerHowToScaleAzureWebsitesGloballyWithTrafficManager.aspx

(The Azure Load-Balanced Sets use round-robin DNS balancing, with VMs directly visible, whereas the Traffic Manager hides VMs behind the VIP)

Matthew Skelton
  • 2,220
  • 21
  • 21
  • Just seen a similar StackOverflow post on this :) http://stackoverflow.com/questions/27447770/traffic-manager-azure-website-how-do-i-configure-custom-dns-ssl – Matthew Skelton Oct 08 '15 at 14:34
  • 1. The post you liked to talked about configuring SSL for Azure Websites, the OP asked for Azure VM. 2. This statement is not true: `You can use the Azure Traffic Manager to offload TLS/SSL`. TM is just a DNS service – itaysk Jan 15 '17 at 08:26
  • @itaysk - I think the Traffic Manager functionality may have changed since I wrote this. – Matthew Skelton Jan 26 '17 at 17:28