
Azure SSL Configuration

I created, through a third party (StartSSL), an SSL certificate for my Azure website. I was able to upload it, but when I surf to the site I get security warnings about obsolete security algorithms and the like.

The domain is elect.olbert.com. Can someone explain to me what I need to do to fix these problems? I'm new to Azure and, frankly, the documentation there is not all that accessible.

You can use Qualys SSL labs to get a detailed report about your SSL configuration:

https://www.ssllabs.com/ssltest/analyze.html?d=elect.olbert.com

In this case, the report lists 2 weak cipher suites, both related to the RC4 cipher. This is now considered insecure and you are recommended to disable it.

https://en.wikipedia.org/wiki/RC4

According to Microsoft, at the time of writing this answer (June 2015) it is not possible to change the cipher suites on Azure Websites because they are controlled at the guest OS level and the OS is shared on Azure websites. Many people have asked for this feature though and they are estimating that it will be in production from mid-July 2015.

https://social.msdn.microsoft.com/Forums/azure/en-US/50f1ab33-c22a-4629-951e-b7510f6b2cbe/upgrading-tlsssl-cryptography-for-azure-web-apps?forum=windowsazurewebsitespreview

If you can wait until then, and they deliver on time, you should be OK. If you can't wait, or if there are problems that cause them to delay the push to production, then you will need to change your hosting. Note: In general, you should expect to get less control over these sorts of things with Azure WebSites. That is part of the trade-off that they offer of low maintenance vs. reduced control.

If you want to stay on Azure, you can use a WebRole instead of Azure WebSites. This gives you the control you need, but it will be more expensive.

At https://elect.olbert.com/Account/Login I can see a warning about an insecure certificate, because it - or any parent certificate in the chain! - uses SHA1 for its signature - this is no longer considered safe. See here:

https://konklone.com/post/why-google-is-hurrying-the-web-to-kill-sha-1

This is not an issue with Azure, but a wrong (obsolete technology) certificate. Just get a new one with SHA256 or better.
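
The check described in the answer above, as an added example that is not part of the original post: it reads the signature algorithm of every certificate in a PEM chain and reports the positions signed with SHA-1. `tlv` and `sample_cert` are hypothetical helpers that build constructed, certificate-shaped test data, and only four common signature OIDs are mapped.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
SIG_ALGS = {  # DER-encoded signatureAlgorithm OIDs -> names
    bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",
    bytes.fromhex("2a864886f70d01010b"): "sha256WithRSAEncryption",
    bytes.fromhex("2a8648ce3d0401"): "ecdsa-with-SHA1",
    bytes.fromhex("2a8648ce3d040302"): "ecdsa-with-SHA256",
}

def read_tlv(buf, pos):
    """Return (value_start, value_end) of the DER element starting at pos."""
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return pos, pos + length

def signature_algorithm(der):
    """Name of the outer signatureAlgorithm field of one DER certificate."""
    cert_start, _ = read_tlv(der, 0)            # Certificate SEQUENCE
    _, tbs_end = read_tlv(der, cert_start)      # skip tbsCertificate
    alg_start, _ = read_tlv(der, tbs_end)       # AlgorithmIdentifier SEQUENCE
    oid_start, oid_end = read_tlv(der, alg_start)
    oid = der[oid_start:oid_end]
    return SIG_ALGS.get(oid, "unknown OID " + oid.hex())

def pem_chain_to_der(pem_text):
    """Split a PEM bundle (leaf first) into a list of DER certificates."""
    return [base64.b64decode(b) for b in PEM_RE.findall(pem_text)]

def sha1_signed(chain_der):
    """Positions (0 = leaf) of certificates whose signature uses SHA-1."""
    return [i for i, c in enumerate(chain_der) if "sha1" in signature_algorithm(c).lower()]

def tlv(tag, value):  # DER encoder used only to build the constructed samples
    n = len(value)
    head = bytes([n]) if n < 0x80 else b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + head + value

def sample_cert(oid_hex):  # constructed, certificate-shaped DER with a dummy body
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x05, b""))
    return tlv(0x30, tlv(0x30, bytes(300)) + alg + tlv(0x03, b"\x00\xaa"))

if __name__ == "__main__":  # SHA-256 leaf, SHA-1 intermediate
    print(sha1_signed([sample_cert("2a864886f70d01010b"), sample_cert("2a864886f70d010105")]))  # [1]
```

Pass `pem_chain_to_der` the certificate bundle with the leaf first. A self-signed root included in the bundle is reported too, although clients trust roots by identity rather than by their signature.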

Let's Encrypt's certificates, which are also free, are currently getting an A grade from Qualys SSL Labs on Azure Web Apps.

You could try switching over to them, but that requires using the "Azure Let's Encrypt" site extension to handle configuring IIS.

Let's Encrypt has an unusual model when compared to other certificate authorities. Acquiring a certificate from them is done in an entirely automated fashion, and you have to renew your certificates much more frequently - which is what the site extension makes easy.

There are several steps required to get the certificate in place, but I've put together a full step-by-step write up that walks you through them.
