WCF和Azure:用真实证书替换自签名证书
[英]WCF & Azure: Replace Self-Sign Certificate with a Real Certificate
问题描述
I've a WCF that runs in Azure as a Cloud Service (with out SSL). 
我有一个在Azure中作为云服务运行的WCF(不带SSL)。
I have implemented on the same project SSL, locally. 我已经在本地的同一项目SSL上实现了。 (with self-sign certificate) (附自签名证书)
After I experimented locally and saw that everything works well, I purchased real certificate on Go Daddy, now I need to figure out a couple of points: 当我在本地进行实验并看到一切正常之后,我在Go Daddy上购买了真实的证书, 现在我需要弄清楚几点:
I saw a couple of articles that shows how to set the configuration of a role in order to publish the WCF to Cloud Service with HTTPS. 我看到了几篇文章,展示了如何设置角色的配置,以便使用HTTPS将WCF发布到Cloud Service。 In those articles they adding the certificate by choosing from the certificates that installed on the computer and then associated the certificate to the HTTPS endpoint. 在这些文章中,他们通过从计算机上安装的证书中进行选择来添加证书,然后将该证书与HTTPS端点关联。
- In order to associated certificate to the WCF I must have the certificate installed locally ? 为了将证书关联到WCF,我必须在本地安装证书?
- There is an "Management Certificate" option on Microsoft Azure Portal under Settings to upload certificates and manage them, Do I need to upload my certificate with this option ? 在Microsoft Azure门户的“设置”下有一个“管理证书”选项,可以上传证书并对其进行管理,是否需要使用此选项上传证书?
- Do I need to installed the certificate manually (like I did with the self-sign cert', configure it in IIS and go to MMC and move the cert to "Intermediate Certificate Authorities" and etc) 我是否需要手动安装证书(就像我对“自签名证书”所做的那样,在IIS中配置它,然后转到MMC并将证书移至“中间证书颁发机构”等)
- If I need to do it manually (the answer to question 3 is positive) how can I auto-scale my service? 如果我需要手动进行操作(问题3的答案为肯定),如何自动扩展服务? because the process will need to be automated. 因为该过程将需要自动化。
Thank you. 谢谢。
1 个解决方案
解决方案1
0 已采纳 2015-05-19 01:53:05
Go to your .CSDEF and add these 3 tags (change accordingly): 转到您的.CSDEF并添加以下3个标记(相应更改):
<WebRole name="CertificateTesting" vmsize="Small">
...
<Certificates>
<Certificate name="SampleCertificate" storeLocation="LocalMachine" storeName="CA" />
</Certificates>
...
<Endpoints>
<InputEndpoint name="HttpsIn" protocol="https" port="443" certificate="SampleCertificates" />
</Endpoints>
...
<Sites>
<Site name="Web">
<Bindings>
<Binding name="HttpsIn" endpointName="HttpsIn" />
</Bindings>
</Site>
</Sites>
...
</WebRole>
Next, open your .CSCFG and add: 接下来,打开您的.CSCFG并添加:
<Role name="Deployment">
...
<Certificates>
<Certificate name="SampleCertificate" thumbprint="9427befa18ec6865a9ebdc79d4c38de50e6316ff" thumbprintAlgorithm="sha1" />
</Certificates>
...
</Role>
Replace thumbprint and thumbprintAlgorithm with the one of your certificate. 用您的证书之一替换thumbprint和thumbprintAlgorithm 。
Finally use Azure portal to upload the deployment package and the certificate or add it to the certificates tab. 最后,使用Azure门户上载部署程序包和证书,或将其添加到“证书”选项卡。 You have to export the certificate with the private key in order to work. 您必须使用私钥导出证书才能工作。
More details on this link: http://azure.microsoft.com/en-us/documentation/articles/cloud-services-configure-ssl-certificate/ 有关此链接的更多详细信息: http : //azure.microsoft.com/zh-cn/documentation/articles/cloud-services-configure-ssl-certificate/
Answering you last question: As you've upload the certificate with the package, auto scale will use this package to provision the new servers. 回答您的最后一个问题:在将证书与软件包一起上传时,自动扩展将使用此软件包来配置新服务器。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.