SSL and Windows Azure Web Sites RRS feed

  • Question

  • If you're interested in using SSL with Windows Azure Web Sites, please read this blog post for a solution. As noted in the post, this is a temporary solution until we provide this feature out-of-the-box.

    Jim Cheshire | Microsoft

    Tuesday, April 2, 2013 1:16 PM

All replies

  • Jim - is there any way the solution provided in this post can be altered so that if the user wants SSL, he gets it. But if the user doesn't want SSL, he gets plain http instead?

    For my site, before a user is not logged in I want all content to be over a non-secured protocol. But when he logs in, I then want info to be over SSL. I can't just force SSL over a particular subdomain (because I'm not using a subdomain for the secured area of the site).

    What I've found is that when I deployed according to the blog post, I'm not able to redirect to a non-secure (http) URL. It keeps forcing me to https.

    Wednesday, April 17, 2013 3:48 AM
  • I *think* I'm making progress on working through the necessary changes in the Web.config file in the WebRole project that is part of this solution.

    But I'm running into another issue: I'm using OAuth for signging into my site. Everything with OAuth was working fine when I had configured the identity providers to point to https://mysite.azurewebsites.net. But once I pushed my site to production and pointed my custom domain to the SSL Forwarder Cloud project, OAuth fails even though I have the identity providers pointing to my custom domain (http://www.mysite.com).

    Could the nature of the SSL Forwarder solution cause issues for OAuth providers? Do I need to still have the OAuth "redirect URL" pointing to my https://mysite.azurewebsites.net address instead of my custom domain? (Actually, you don't configure anything when using Google OAuth service, and that doesn't work, either.)

    [EDIT] In the case of the Microsoft identity provider, it won't even get to the login page. In the case of the Google identity provider, it takes you to the login page but my asp.net mvc app displays a login failure when it returns. I'm using the login/security code that comes in the default internet project template.

    • Edited by Tim SF Wednesday, April 17, 2013 12:14 PM
    Wednesday, April 17, 2013 12:10 PM
  • When the permanent solution be available..?? Its only 1 years gone so far to look for SSL support...

    Initial promise of April is ending as-well... One of my customer is hammering his head on the wall.. because of my recommendation of Azure...

    What is deadline of permanent solution?  Is this temp solution to delay for another year?

    Sunday, April 21, 2013 12:56 PM
  • Hi,

    We have planned to have our site developed in Windows Azure Website. We recently learned that there is no in-box feature for adding SSL certificate to the site. However we needed to understand the cost incur if we use the above the mentioned mechanism, as it includes an Azure Cloud service and a website.


    Monday, April 22, 2013 6:43 AM
  • Feroz - you can look here for cost information on running the cloud service.
    Monday, April 22, 2013 11:44 AM
  • Jim, When the permanent solution be available..??   I remember you guys said April?  What are the new time lines?
    Tuesday, April 30, 2013 6:53 AM
  • Hi, Haque20. To be fair, I said that we were shooting for April or May. We are on-track for hitting that timeline, but I don't have a specific date to share with you.

    Jim Cheshire | Microsoft

    • Proposed as answer by Haque20 Friday, June 7, 2013 7:02 PM
    Tuesday, April 30, 2013 12:53 PM
  • Hi Jim..

    Any Updates ??? .. Mid May is around the Corner

    Friday, May 10, 2013 11:36 PM
  • Nothing has changed. We're still hoping to have this done sometime this month.

    Jim Cheshire | Microsoft

    Tuesday, May 14, 2013 6:59 PM
  • Jim, it's mid May and still nothing here.  Do you think this is still around the corner? My company is starting a new development and this is crucial.


    Thursday, May 16, 2013 2:16 AM
  • Thanks Jim,   Looking forward to see the module in Management portal. 14 days left , ending may soon!
    Thursday, May 16, 2013 7:30 PM
  • Yeah, and meanwhile we have to actually pay extra $ for a workaround SSL. Not good.
    Friday, May 17, 2013 7:40 AM
  • 07 working days left... !
    • Edited by Haque20 Wednesday, May 22, 2013 8:26 PM
    Wednesday, May 22, 2013 8:26 PM
  • I am sure we will see it this month !
    Friday, May 24, 2013 11:42 AM
  • I'm hoping for this too very soon.

    It's a pretty bad oversight for an organisation like Microsoft.

    I'm nearly ready to launch, but will have to go with Amazon until MS pulls their finger out.

    Sunday, May 26, 2013 3:43 AM
  • As per Microsoft commitment they said "sometime this month",  still 04 days left... my guess they will pull trigger on 31st-May-2013 23:59:59.  Fingers crossed!   My customer is asking me daily... 
    Monday, May 27, 2013 11:29 AM
  • I'm "Hedging" my Risk Exposure.. I can't put all my Eggs in One Basket.. Iv'e Already Starting moving Services to Amazon AWS .
    Monday, May 27, 2013 2:01 PM
  • We will be very close to the original timeframe we were aiming for. I don't have a date to announce, but it will be very soon.

    Jim Cheshire | Microsoft

    Tuesday, May 28, 2013 11:29 PM
  • Jim, would be very helpful if you could let us know the approximate date.
    Thursday, May 30, 2013 11:34 AM
  • Jim, Thanks for update..  Would appreciate we could have timeline, my customer are waiting for this since an year now and its get panic.    I believe you are taking about +- 1/ 2 days,  end of current month as deadline.   If you mean another couple of months then please let us know so that we can move to some other service provider.
    Thursday, May 30, 2013 7:44 PM
  • It will not be another couple of months. That's all I can tell you right now. Very soon.

    Jim Cheshire | Microsoft

    Thursday, May 30, 2013 7:59 PM
  • Hello Jim, 

    do you have any update right now?

    Sunday, June 2, 2013 2:38 PM
  • Looks like the Azure websites management portal just updated. Custom SSL certs are now live! Looks like they bill per SSL cert per type: $6/month for an SNI based cert and $26/month for an IP based cert (sourced from websites pricing FAQ). Kind of wish they would just roll SSL support into the current pricing but it is what it is I guess.

    Side note: Looks like you they added the ability to select the bitness (32bit or 64bit) of the platform your running on for reserved instances as well.

    UPDATE: Looks this answer becomes more interesting with the upcoming MSDN benefit changes [$150 monthly credit - a la cart with reduced pricing for websites, virtual machines and cloud services]

    • Edited by emed795 Monday, June 3, 2013 1:59 PM Corrected SNI
    Monday, June 3, 2013 7:49 AM
  • emed795, if I am reading correctly, the new MSDN offer is only valid for test and development, not for production. Is this correct? If so, I do not see any benifit:

    Use right (new) Development and Testing. (old) Development, Testing and Production.

    Now that Azure charges for using the SSL on websites, isn't it cheaper to go with a Web Role?

    About the MSDN benefits found the following here: http://msdn.microsoft.com/en-us/subscriptions/dd364988.aspx

    "As an MSDN Subscriber, you receive a monthly credit to use for whatever Windows Azure service you want. Build native cloud applications, test existing applications in virtual machines or create hybrid applications that span your datacenter and Windows Azure.  Eliminate the cost of buying hardware for testing by using your Windows Azure MSDN credits.  Take advantage of instant provisioning to develop and test applications faster.  Use elastic scale to test real world scenarios. "

    They only mention "Test".

    • Edited by TeoMorell Monday, June 3, 2013 8:21 PM Found additional info
    Monday, June 3, 2013 8:18 PM
  • Teodorico2, oh that's interesting must have missed that. Well it's still useful for dev and test. The original MSDN benefits did include production usage so that's a disappointing change from the old program.

    • Edited by emed795 Monday, June 3, 2013 10:00 PM
    Monday, June 3, 2013 9:58 PM
  • Indeed. You can go to your portal and opt-out and you will remain on the same subscription model until August 2014; I just did.

    The main reason I chose Azure over Amazon AWS was the benefit for MSDN subscribers. Now that the benefit is gone, we have to re-evaluate costs.

    Monday, June 3, 2013 10:02 PM
  • Looks like the new MSDN benefits offer just became more interesting again. According to Scott Gu on his blog, he made a comment that the BizSpark version of the new MSDN benefits offer will support production usage along with dev/test.


    Monday, June 3, 2013 10:23 PM
  • I would like to hear other members opinion. Why would we pay $39 at month plus the SSL certificate itself instead of using a web role? Price for a reserved website is the same as a web role.

    Unless I am mistaking, we can install an SSL certificate on a web role without paying extra.

    Tuesday, June 4, 2013 12:44 PM
  • I would like to hear other members opinion. Why would we pay $39 at month plus the SSL certificate itself instead of using a web role? Price for a reserved website is the same as a web role.

    Unless I am mistaking, we can install an SSL certificate on a web role without paying extra.

    I am wondering the same thing. I had an SSL cert installed for my web role without any issue or additional cost. As it stands right now, adding SSL makes websites significantly more expensive than web roles, which is unfortunate.
    Tuesday, June 4, 2013 2:42 PM
  • I would also like to hear from others. $39 additional per website seems like a huge typo.

    Honestly, I wouldn't expect to pay anything extra to add SSL to a website except the purchase of the actual cert. Justifying $39 a month per website seems like either I'm missing something or the Azure Leadership is.

    This is especially perplexing when technically, anyone can access an SSL version of a website since it's wildcarded by MS anyways - of course you get the warning, but still...

    Wednesday, June 5, 2013 2:04 PM
  • Jim great work on getting this shipped, whats the deal with intermediate certificates on Azure Websites, seems to be no mention or facility for adding them?
    Wednesday, June 12, 2013 4:51 PM
  • Mark,

    Our current architecture doesn't allow us to do this safely. It's not likely to happen in the near future.

    Jim Cheshire | Microsoft

    Wednesday, June 12, 2013 7:25 PM
  • Actually, Mark, let me get some clarification. Are you using chained certs or are you just trying to use an intermediate cert? If the latter, yes, we will support this very soon. One of the guys on the team plans to blog about this soon.

    Jim Cheshire | Microsoft

    Wednesday, June 12, 2013 7:33 PM
  • I am actually using a chained certificate from GoDaddy, i am guessing you don't have the intermediate certificate and in Azure Serivice you allow for the intermediate to be uploaded but in Azure Websites obviously you dont make allowances to upload the intermediate, slightly ironically what happens is XP users using Internet Explorer hitting the website without the intermediate get a "There is a problem with this website's security certificate." error.

    Could you install the GoDaddy intermediate, would that be possible? Save me moving back to me old hosting environment...

    Thursday, June 13, 2013 5:13 AM
  • Jim any news on this, i spoke to Nir Mashkowski via twitter and he said he had rolled a fix for this last week but as far as i can see it still does not work. 
    Wednesday, June 26, 2013 4:55 PM