2

I need to purchase and install the correct Verisgin SSL certificate(s) (X.509) on Azure. I have never done this before and would really appreciate some advice on how to go about it and what is considered best practice for production and testing environments. I'l explain the scenario.

Our Site

Is hosted on Azure. We will have a development environment and a production environment running there (not sure how yet). It needs to consume an .asmx web service.

Third Part SSL Secured Web Service

We need to connect to this and they have given us a CA to install on our server. I think we then need to give them our public certificate to install on their server. They provide a test server that also requires this set up. I have no influence over how they do things.

What I'd like advice on

I would like to run integration tests from our development server (or preferably my local machine, if possible to use the same certificate?) against their test server using our purchased SSL. I would prefer not to have to publish to Azure at all during initial testing but don't see any other way without us purchasing multiple certificates, and then having to ask the third party to install all of them on their test server.

  1. How should I be looking to develop and test in this situation with minimum hassle to third party?
  2. Do I need multiple certificates for this from Verisign as it looks as if on certificate is for one domain only.
  3. Does Azure see a testing server and Development environment as different domains as far as certificates are concerned?
  4. Is Anything else that you think would help me here?

I'm sorry for the novice questions. I have done research on this but I'm still confused and don't want to waste my client's money or set up something that's wrong and not testable.

I hope I have been clear and am very happy to elaborate if someone with experience of this is kind enough to help me. I appreciate that I'm asking a lot of questions.

Thanks in advance

davy
  • 129
  • 3

2 Answers2

3

Standard DNS tables and Azure are pretty flexible when it comes to helping you test this. I'd recommend the following:

  1. Register for a wildcard SSL certificate - this will let you apply the cert to subdomains as well. For help creating the cert check out http://www.andrewdenhertog.com/tips/creating-adding-ssl-certificates-azure/

  2. If you want to test the cert, create a new A record in your DNS table for a "dev" subdomain and point it at your DEV machine's IP address (make sure you open up port 443 on your firewall)

  3. Another way to test it is to create a staging version of your Azure website. Publish your site to this and then apply your cert just to this version. You can create a CNAME entry in your DNS to be http://staging.yoursite.com so that you don't interfere with production.

  4. Lastly if your LIVE site doesn't have a cert installed, you should be right to install the cert anyway and manually navigate to https://... Your main traffic will continue to hit the http:// version until you add a rewrite to force https once you're happy with it

Andrew dh
  • 131
  • 2
1

I found a good article that should help you,

http://www.windowsazure.com/en-us/documentation/articles/cloud-services-configure-ssl-certificate/

In their example they show a Wildcard cert, because of the (*) in the domain name *.contoso.com or www.contoso.com

If you want a good deal on a Verisign wildcard SSLGURU(DOT)US is a good site that has it for a little cheaper than the Symantec site site

Another thing to consider is how many servers you are going to be using that cert on. The price of a symantec (verisign) certs is per server so if you have 2 servers the price doubles

If I were you I would go with Digicert, SSLGURU(DOT)US has the Digicert wildcard for a way better price than a verisign wildcard and there is also a 10% off promo right now if you use DIGIWILDCARD10% at checkout.

Digicert comes with an unlimited server license, so the price stays the same no matter how many servers you have.

Hope that helps

user40328
  • 11
  • 1