Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Secure your Azure Web App using SSL Certificate provided by Let’s Encrypt

0
0

The information you send on the Internet is passed from computer to computer to get to the destination server. The least you can do

to provide privacy, critical security and data integrity for both your websites and your users’ personal information is to have your application secured under an SSL certificate.

SSL providers need to set up a trusted infrastructure and validate your app’s identity, so there is cost involved. However, Let’s encrypt is a free, automated and open Certificate Authority that provides a certificate for your website’s domain; in this post we will describe all the necessary steps needed to add an SSL certificate to your Azure Web Application.

Set your Azure App Service Plan at least to Basic

In order to get Let’s Encrypt running on Azure Web Apps or have any other SSL/TLS certificates, your Azure App Service plan should be scaled up to at least Basic, which allows SNI (Server Name Indication) and Custom Domains / SSL.


Secure your Azure Web App using SSL Certificate provided by Let’s Encrypt
Step 1. Register your Azure Web App

First of all you need to register your application in the Azure Active Directory. To do so from Azure Active Directory , click on the App Registrations menu, then on New application registration and after you fill in the form with:

Name : the name of our application, in our case “Let’s encrypt-picmin” Application type : Web app / API Sign-on URL : the URL that will be used by your users to sign in (http://picmin.com)
Secure your Azure Web App using SSL Certificate provided by Let’s Encrypt

After clicking on the Create button, in a few seconds, an application is going to be registered; from the screen that is going to appear next, you need to keep the Application ID .


Secure your Azure Web App using SSL Certificate provided by Let’s Encrypt
Keys & Passwords

Then, click on the Settings menu item and from the new blade select Keys and, in the Passwords table, add a new entry with “securelogin” as description, “1 year” as expiration date and a password as value.


Secure your Azure Web App using SSL Certificate provided by Let’s Encrypt

After clicking on Save at the toolbar above, you will find a hashed value in your entry. As you may see in the relevant notification, you need to copy that value as you won’t be able to retrieve it after leaving that blade.


Secure your Azure Web App using SSL Certificate provided by Let’s Encrypt
Step 2. Add permissions to your Azure Web App

Next, you need to go to your web application and selectfrom the sidebar the Access control (IAM), then the Role assignment from the Access Control panel, then click on Add menu item and, from Add permissions panel, select Contributor as Role, leave assign access to Azure AD user, group, or application and select the name of the application you have previously registered in the Azure Active Directory. In our case it is Let’s encrypt picmin; after thatclick Save .


Secure your Azure Web App using SSL Certificate provided by Let’s Encrypt
Step 3. Extensions

In this step you need to assign the Let’s Encrypt Extension to your Azure web app and, to do so, scroll down your options on the left sidebar and pick Extensions from that list.


Secure your Azure Web App using SSL Certificate provided by Let’s Encrypt

and, after accepting the legal terms, the extension will be setup to your web app.


Secure your Azure Web App using SSL Certificate provided by Let’s Encrypt
Step 4. Restart Azure Web App

If you click on the extension name, a new page will be launched with url https : //picmin.scm.azurewebsites.net/letsencrypt/ and you may end up with the following error:

“No route registered for ‘/letsencrypt/'”

This is because the application needs to be restarted for Let’s encrypt extension to be enabled .

Restart site using KUDU services

Please note the scm between your app’s name and azurewebsites. This is the KUDU services that provide a set of troubleshooting and analysis tools for your Azure web application.

So to restart your application, you can go tohttps://{app_name}. scm .azurewebsites.net/SiteExtensions/#installed and click on the Restart Site button at the top right corner.


Secure your Azure Web App using SSL Certificate provided by Let’s Encrypt

If you want to learn more about KUDU services you can read this post .

Step 4. Let’s Encrypt Authentication Settings

There are three ways to access Let’s Encrypt authentication settings, by navigating to urlhttps://{app_name}.scm.azurewebsites.net/ letsencrypt/,

by clicking the “Play” button in the KUDU site extensions page


Secure your Azure Web App using SSL Certificate provided by Let’s Encrypt

or by clicking the name in Extensions panel and then clicking on the Browse link.


Secure your Azure Web App using SSL Certificate provided by Let’s Encrypt

Once you are at the Let’s Encrypt authentication settings,you will have to fill in some information; let us see where you can find this info.

You can get letsencrypt:Tenant by clicking on the Directory and Subscription filter at the top toolbar of the Azure portal:


Secure your Azure Web App using SSL Certificate provided by Let’s Encrypt

letsencrypt:ClientIdis the value of the clientid of the service principal and can be found in the registered application dashboard, as shown in Step 1


Secure your Azure Web App using SSL Certificate provided by Let’s Encrypt

and letsencrypt:ClientSecret is the secret for the service principal which is the value you copied earlier, when you created a new password for “securelogin” in thekeys section.

Finally, subscriptionId and resource groups can be found in the web app’s and the app service plan’s main dashboard:


Secure your Azure Web App using SSL Certificate provided by Let’s Encrypt

So, Let’s Encrypt settings will look like this:


Secure your Azure Web App using SSL Certificate provided by Let’s Encrypt

In the screen that will appear next you can see the custom domains that are associated with your Azure web app:


Secure your Azure Web App using SSL Certificate provided by Let’s Encrypt

and in the final screen you will need to choose the domains to setup your certificate for


Secure your Azure Web App using SSL Certificate provided by Let’s Encrypt
Step 5. Add SSL binding to your web app Finally, you need to add an SSL binding for your domain and, to do so, you have to click on SSL Settings from the Azure web app options sidebar, set HTTPS Only to On , Minimum

Viewing all articles
Browse latest Browse all 12749

Latest Images

Trending Articles





Latest Images