
I have a working Azure web role which I've been using over an http endpoint. I'm now trying to switch it over to https but struggling mightily with what I thought would be a simple operation. (I'll include a few tips here for future readers to address issues I've already come across).

I have created (for now) a self-signed certificate using the PowerShell commands documented by Microsoft here and uploaded it to the Azure portal. I'm aware that 3rd parties won't be able to consume the API while it has a self-signed certificate but my plan is to use the following for local client testing before purchasing a 'proper' certificate.

  ServicePointManager.ServerCertificateValidationCallback += (o, c, ch, er) => true;

Tip: you need to upload the .pfx file and then supply the password you used in the PowerShell script. Don't be confused by the suggestion to create a .cer file, which is for completely different purposes.

I then followed the flow documented for configuring Azure cloud services here, although many of these operations are now done directly through Visual Studio rather than by hand-editing files.

In the main 'cloud service' project under the role I wanted to modify:

  • I imported the newly created certificate. Tip: the design of the dialog used to add the thumbprint makes it very easy to incorrectly select the developer certificate that is already installed on your machine (by Visual Studio?). Click 'more options' to get to _your_ certificate and then check the displayed thumbprint matches that shown in the Azure portal in the certificates section.

certificates properties

  • Under 'endpoints' I added a new https endpoint. Tip: use the standard https port 443, NOT the 'default' port of 8080, otherwise you will get no response from your service at all.

endpoints properties

  • In the web.config of the service itself, I changed the endpoint binding for the service so that the name element matched the new endpoint.

web config for role

  • I then published the cloud project to Azure (using Visual Studio).

At this point, I'm not seeing the results I expected. The service is still available on http but is not available on https. When I try to browse for it on https (includeExceptionDetailInFaults is set to true) I get:

HTTP error 404 "The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable"

error

I interpret this as meaning that the https endpoint is available but the service itself is bound to http rather than https despite my changes to web.config.

I have verified that the publish step really is uploading the new configuration by modifying some of the returned content. (Remember this is still available on http.)

I have tried removing the 'obsolete' http endpoint but this just results in a different error:

"Could not find a base address that matches scheme http for the endpoint with binding WebHttpBinding. Registered base address schemes are [https]"

I'm sure I must be missing something simple here. Can anyone suggest what it is or tips for further troubleshooting? There are a number of Stack Overflow answers that relate to websites and suggest that IIS settings need to be tweaked but I don't see how this applies to a web role where I don't have direct control of the server.

Edit: Following Gaurav's suggestion I repeated the process using a (self-signed) certificate for our own domain rather than cloudapp.net then tried to access the service via this domain. I still see the same results; i.e. the service is available via http but not https.

Edit 2: Information from csdef file... is the double reference to "Endpoint1" suspicious?

  <Sites>
    <Site name="Web">
      <Bindings>
        <Binding name="Endpoint1" endpointName="HttpsEndpoint" />
        <Binding name="Endpoint1" endpointName="HttpEndpoint" />
      </Bindings>
    </Site>
  </Sites>
  <Endpoints>
    <InputEndpoint name="HttpsEndpoint" protocol="https" port="443" certificate="backend" />
    <InputEndpoint name="HttpEndpoint" protocol="http" port="80" />
  </Endpoints>
  <Certificates>
    <Certificate name="backend" storeLocation="LocalMachine" storeName="My" />
  </Certificates>

  • I don't think you can apply a self-signed certificate to the cloudapp.net domain as the domain is owned by Microsoft. Commented Apr 21, 2018 at 2:23
  • Thanks Gaurav. I may have been led astray by the example here. Although it says you can't apply a certificate to cloudapp.net, the PowerShell example clearly shows a self-signed cert being created for a cloudapp.net domain! I'll try using a cert that points to our own domain.... Commented Apr 21, 2018 at 8:03
  • @Gaurav - thanks for the suggestion. I tried switching the certificate over to our own domain and accessing the service via that but unfortunately I still see the same results; the service is available via http but not on https. Commented Apr 21, 2018 at 8:59
  • Will it be possible for you to share your csdef file? I am interested in seeing the Sites, Endpoints and Certificates section. There's no need to share other sections. Commented Apr 21, 2018 at 10:05
  • Thanks Gaurav - I've added this information to the original post. The double binding of "Endpoint1" looks a little suspicious to me - maybe this is the problem? Commented Apr 21, 2018 at 10:23
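
Added example (not part of the original question or its comments): a narrower alternative to the accept-everything `ServerCertificateValidationCallback` shown in the question, which trusts the self-signed test certificate only when its thumbprint matches the one uploaded to the portal. The class name, `TestHost` and `PinnedThumbprint` are hypothetical names with placeholder values.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class TestCertificatePinning
{
    // Placeholders (assumptions): substitute the host name of the test
    // deployment and the thumbprint displayed for the uploaded certificate.
    const string TestHost = "TEST-SERVICE-HOST-PLACEHOLDER";
    const string PinnedThumbprint = "THUMBPRINT-PLACEHOLDER";

    public static void Install()
    {
        // Plain assignment rather than +=: with several handlers attached,
        // only the last handler's return value decides the outcome.
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    static bool Validate(object sender, X509Certificate cert,
                         X509Chain chain, SslPolicyErrors errors)
    {
        // Certificates that pass normal validation need no exception.
        if (errors == SslPolicyErrors.None) return true;

        // Limit the exception to requests addressed to the test host.
        var request = sender as HttpWebRequest;
        if (request == null || cert == null) return false;
        if (!string.Equals(request.Address.Host, TestHost,
                           StringComparison.OrdinalIgnoreCase)) return false;

        // Accept the self-signed certificate only when it is exactly the
        // one that was uploaded; every other certificate is rejected.
        // GetCertHashString() returns the thumbprint as a hex string.
        return string.Equals(cert.GetCertHashString(), PinnedThumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }
}
```

Call `TestCertificatePinning.Install()` once at client start-up, and remove it when the service moves to a certificate issued by a trusted authority.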
