Tuesday, 7 June 2016

Understand SSL and Implement in Azure Website







What is http?

HTTP stands for Hypertext Transfer Protocol. It sits in the application layer of the network and is used to exchange or transfer hypertext.

What is https?

HTTPS is Hypertext Transfer Protocol Secure. It is achieved by implementing SSL in your application.

Https Vs SSL 

HTTP is a protocol in the application layer, while SSL (Secure Sockets Layer) is implemented in the transport layer. SSL sets up a secured bi-directional tunnel for two hosts to communicate. So when SSL is implemented in our website, HTTP traffic travels inside the tunnel created by SSL.

How to get SSL

SSL certificates can be bought online, and many companies provide them, such as Comodo, VeriSign, Trustsign etc. You can learn more about buying SSL at https://www.sslshopper.com/how-to-order-an-ssl-certificate.html. You can also get free SSL from StartSSL.

Let us look at an example of how to implement SSL in your Azure website, assuming you have already bought the SSL certificate from one of the vendors. We used Trustsign in our organisation for buying the SSL certificate.

Let the URL of the Azure web application be SSLimplement.azurewebsites.net; this is the application we need to implement SSL for. We might not expose that Azure URL to the end user, so there will be a customized domain URL, which we will call SSLimplementDemo.com.

Note: By default, every *.azurewebsites.net URL can be accessed using both https and http. SSL is implemented by default for that domain.

You need to add the CNAME at your domain registrar and also add your Azure URL there.


Then go to your Azure portal to add the CNAME URL created with the domain registrar.

Go to the Configure tab, navigate to “Manage domain” and click it.


Once this is set up, you can access SSLimplement.azurewebsites.net using the SSLimplementDemo.com URL. Test it in your browser.

You need a pfx file to make your web app https-compatible in Azure and to assign the SSL bindings.

You need the items below, provided by your SSL provider, to create the pfx file.

1.       Private key, generally with a .key extension
2.       Certificate (public key), generally with a .cer extension
3.       Intermediate certificate, generally with a .pem extension
4.       Password used to encrypt the pfx file that will be created


Note: all of the above keys can also be delivered in files with a .txt extension. The file name and extension do not matter.

Now you need to create the pfx file using OpenSSL. Download and install the setup for Openssl.exe if you do not have it yet.

Now run the command below to create the pfx file. Open your command prompt and paste the command, altered to match your information.

The above command creates the pfx file in the same folder, unless specified otherwise, with the following message
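An added example, not the command from the original post: a POSIX shell script (it runs from Git Bash or WSL on Windows, and the openssl invocations are the same for Openssl.exe) that checks the private key matches the certificate, builds the .pfx from the four inputs listed above and counts the certificates inside it. The file names, the PFX_PASSWORD variable and the throwaway key and certificates are assumptions constructed for the demo.

```shell
# Added example. File names are assumed; the key, certificates and password
# below are constructed throwaway values, not real credentials.

# Succeeds only when the private key and the certificate hold the same public key.
key_matches_cert() {  # usage: key_matches_cert <private.key> <certificate.cer>
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Bundle key + certificate + intermediate into a password-protected .pfx.
# The password is read from $PFX_PASSWORD so it never shows in the process list.
make_pfx() {  # usage: make_pfx <key> <cert> <intermediate> <out.pfx>
  key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
  openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
    -out "$4" -passout env:PFX_PASSWORD
}

# Number of certificates inside the .pfx (2 expected: site + intermediate).
pfx_cert_count() {  # usage: pfx_cert_count <file.pfx>
  openssl pkcs12 -in "$1" -nokeys -passin env:PFX_PASSWORD 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

# Constructed inputs so the script runs offline: a demo issuer and a site
# certificate signed by it, standing in for the files an SSL provider sends.
make_demo_inputs() {  # usage: make_demo_inputs <dir>
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Intermediate" \
    -keyout "$1/ca.key" -out "$1/intermediate.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=SSLimplementDemo.com" \
    -keyout "$1/private.key" -out "$1/site.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/site.csr" -CA "$1/intermediate.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/certificate.cer" 2>/dev/null
}

demo=$(mktemp -d)   # scratch directory; delete it when done
export PFX_PASSWORD='constructed-demo-password'
make_demo_inputs "$demo" &&
make_pfx "$demo/private.key" "$demo/certificate.cer" \
         "$demo/intermediate.pem" "$demo/site.pfx" &&
echo "certificates in pfx: $(pfx_cert_count "$demo/site.pfx")"
```

With real files, skip make_demo_inputs and call make_pfx on the key, certificate and intermediate certificate received from the SSL provider.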


Then navigate back to the Azure portal.


Click on Upload certificate and upload the pfx file you created. Enter the password used while creating the pfx file.


Now you can see the SSL certificate in the SSL bindings, populated as dropdown data. Select it and save your Azure web app.


Once your application changes are saved, you can navigate to the app using the https URL, https://SSLimplementDemo.com, and test it.

Note: Your web application now accepts both http and https requests. If you want to limit your application to https only, you need to make a change in web.config.

 

 

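Add the rewrite rule below inside <system.webServer>


<system.webServer>
    <!-- xdt:Transform is config-transform syntax (e.g. Web.Release.config, where the
         xdt namespace is declared); omit the attribute when pasting directly into web.config -->
    <rewrite xdt:Transform="Insert">
      <rules>
        <!-- Redirect every request that arrives over plain http to the same host and path on https -->
        <rule name="Force HTTPS" enabled="true">
          <match url="(.*)" ignoreCase="false" />
          <conditions>
            <add input="{HTTPS}" pattern="off" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
</system.webServer>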

The above configuration redirects any http request to the https URL with a 301 HTTP code. The example is for a .NET-based Azure web application; other servers such as Apache/NodeJS are configured differently.


You can now start testing https in the browser. Make sure you see a green lock symbol, which shows that the https implementation is fine.



Post SSL Implementation Issues

  • The issue I mostly faced after converting my http application to an https application is the mixed content error: where we have used an external reference URL in our web app that points to an http link (check script/link tags), you need to change it to an https link in your application.

















