none
Sporadic wrong certificate being served

    Question

  • Hi guys,

    We're currently having an issue with SSL on our Azure Website. We imported an existing certificate from our old web server using the portal, and assigned it to the correct domain using IP based SSL.

    99% (guesstimate) of the time this works correctly, however every so often the website will serve up the *.azurewebsites.net certificate instead.

    Is there something wrong with Azure websites or am I missing something?


    ~~ Graham

    Thursday, September 19, 2013 2:30 PM

Answers

All replies

  • Hi Graham. Can you let me know the name of the site that has this problem?


    http://ruslany.net/

    Thursday, September 19, 2013 5:22 PM
  • Certainly, it's www.talenttoolbox.com though the root redirects to another site. www.talenttoolbox.com/clients/demo will allow you to remain on the site.

    Thanks!


    ~~ Graham

    Thursday, September 19, 2013 7:16 PM
  • Hi Graham,

    Looks like A record for www.talenttoolbox.com points to the default IP addres of Azure Web Sites (137.135.129.175). However after you've enabled IP Based SSL your site was assigned a dedicated IP address, which you can find in the portal dashboard. The IP address is 137.135.131.204. In order for IP SSL to work you will need to change the A record for this host name to point to this dedicated IP address.

    You can find more information here:

    http://ruslany.net/2013/07/how-to-setup-ip-ssl-on-windows-azure-web-sites/


    http://ruslany.net/

    • Marked as answer by Graham Wager Thursday, September 19, 2013 9:34 PM
    Thursday, September 19, 2013 8:59 PM
  • Thank you! Looks like that was the issue. Guess I haven't been the first to be caught out by this!


    ~~ Graham

    Thursday, September 19, 2013 9:36 PM
  • Right, that's why the blog article was written :). Actually if your hostname was a CNAME to <yoursitename>.azurewebsites.net then you would not need to do any IP address remappings and IP SSL would have worked as soon as it was enabled. But since hostname was mapped as A record to an IP address directly it had to be remapped.

    http://ruslany.net/

    Thursday, September 19, 2013 10:08 PM
  • I did consider leaving it as a CNAME but text within the Azure portal when adding a domain seemed to push towards using the A record - perhaps this is something that should be clarified there.

    For example, the hint text next to the "[wrong] IP address to use when you configure A records" says "The IP address that you must use to configure an A record for your custom domain name" and CNAME records seem to only be suggested for verification.

    Anyway, all sorted now so thanks again! :)


    ~~ Graham

    Friday, September 20, 2013 8:53 AM