OUR WEBSITES
CLOSE

Know it first and engage with us on all channels

USA / Canada
1111, St-Charles Street West, Suite 255
Longueuil, Quebec
Canada J4K 5G4
Toll Free: 1-877-398-0999
Phone: 1-514-398-0999
Europe

Hoejbro Plads 10
1. Floor
1200 Copenhagen
Denmark
General Inquiries & Sales:
+45 39157600

Azure
Configuration
SSL

SSL

Provide communication security with SSL for your websites deployed with the CMS Azure package

To allow secure communication for your websites on Microsoft Azure with SSL, in addition to the standard steps for deploying a website with the CMS Azure package, you should:

  1. Prepare and upload a certificate to the cloud service where the web role is or will be running.
  2. Configure the web role to install the uploaded certificate.
  3. Configure the website to use the secure protocol.

Please note that the pre-built service package supports multiple certificates in the web role (up to 10 certificates).

Its service configuration file includes 10 certificate slots, each set to the thumbprint of the default certificate.

<Certificates>
  <Certificate name="CertificateSlot0" thumbprint="8057987CA86216898EE2E06A93DAC725D8F00FE3" thumbprintAlgorithm="sha1" />
  <Certificate name="CertificateSlot1" thumbprint="8057987CA86216898EE2E06A93DAC725D8F00FE3" thumbprintAlgorithm="sha1" />
  <Certificate name="CertificateSlot2" thumbprint="8057987CA86216898EE2E06A93DAC725D8F00FE3" thumbprintAlgorithm="sha1" />
  <Certificate name="CertificateSlot3" thumbprint="8057987CA86216898EE2E06A93DAC725D8F00FE3" thumbprintAlgorithm="sha1" />
  <Certificate name="CertificateSlot4" thumbprint="8057987CA86216898EE2E06A93DAC725D8F00FE3" thumbprintAlgorithm="sha1" />
  <Certificate name="CertificateSlot5" thumbprint="8057987CA86216898EE2E06A93DAC725D8F00FE3" thumbprintAlgorithm="sha1" />
  <Certificate name="CertificateSlot6" thumbprint="8057987CA86216898EE2E06A93DAC725D8F00FE3" thumbprintAlgorithm="sha1" />
  <Certificate name="CertificateSlot7" thumbprint="8057987CA86216898EE2E06A93DAC725D8F00FE3" thumbprintAlgorithm="sha1" />
  <Certificate name="CertificateSlot8" thumbprint="8057987CA86216898EE2E06A93DAC725D8F00FE3" thumbprintAlgorithm="sha1" />
  <Certificate name="CertificateSlot9" thumbprint="8057987CA86216898EE2E06A93DAC725D8F00FE3" thumbprintAlgorithm="sha1" />
</Certificates>
The default certificate and its thumbprint in the configuration serve as a placeholder for real certificates if needed.

If you don’t need SSL in your web role, keep the default certificate settings.

Otherwise, you can overwrite a value for one of the slots and, thus, have the service package install your certificate in the web role. It works both for the already deployed web role and the web role to be deployed.

<Certificates>
	<Certificate name="CertificateSlot0" thumbprint="F182190033077DC6785CFE87FFCA1CD69346DAAA" thumbprintAlgorithm="sha1" />
	<Certificate name="CertificateSlot1" thumbprint="8057987CA86216898EE2E06A93DAC725D8F00FE3" thumbprintAlgorithm="sha1" />
	<!-- … -->
</Certificates>
Let's consider each SSL setup related step in detail.

Uploading a certificate to the cloud service

Before having the certificate installed in the web role, you should prepare and upload a certificate to be used for secure communication (SSL).

Preparing the certificate is up to you and is not part of this guide. The certificate file should be in PFX format.

To upload the certificate to the cloud service:

  1. In Microsoft Azure Portal, open the cloud service in use (All Resources / [your cloud service]).   
  2. Click “Certificates” below “Settings”.
  3. Click “Upload” to upload your certificate.
  4. Browse to, and select, the certificate (.pfx).
  5. Specify the password for it.
  6. Click “Upload” down below.
  7. Make a note of, or copy to the clipboard, its thumbprint (visible on the “Certificates” tab after the certificate has been successfully uploaded.) You'll be using it in the next few steps.

The certificate thumbprint should read something like this: F182190033077DC6785CFE87FFCA1CD69346DAAA

Installing the certificate in the web role

An existing web role

If you have already deployed a web role with the pre-built service package in a cloud service, you can change its configuration via Microsoft Azure Portal to include up to 10 certificates.

This will install the specified certificate in the web role.

To add a new certificate to the configuration of the existing web role:

  1. Make sure you have uploaded the certificate to the cloud service as described above.
  2. In Microsoft Azure Portal, open the cloud service in use (All Resources / [your cloud service]).
  3. Click “Configuration” below “Settings”.
  4. In the “Configuration” view below “Certificates”, locate a free certificate slot (0 to 9). Normally, its Thumbprint value is set to that of the default (“dummy”) certificate that comes with the service package you’ve deployed the web role with.
  5. Replace the Thumbprint value of the default certificate with the thumbprint of your certificate.
  6. Click “Save”.

Note. This will start the process of installing the certificate in the web role and might take some time.

A new web role

You can deploy the web role in a cloud service specifying the thumbprint of your certificate in the service configuration file.

  1. Make sure you have uploaded the certificate to the cloud service as described above.
  2. Edit the service configuration file.
  3. Below <Certificates>, locate a free certificate slot (0 to 9), normally the one set to the default (“dummy”) certificate.
  4. Replace the value in the thumbprint attribute to the thumbprint of your certificate.
  5. Save the changes.

<Certificates>
	<Certificate name="CertificateSlot0" thumbprint="F182190033077DC6785CFE87FFCA1CD69346DAAA" thumbprintAlgorithm="sha1" />
	<Certificate name="CertificateSlot1" thumbprint="8057987CA86216898EE2E06A93DAC725D8F00FE3" thumbprintAlgorithm="sha1" />
	<!-- … -->
</Certificates>
Now deploy the web role with the service package using this configuration file.

Configuring the website to use the secure protocol

Once you’ve uploaded your certificate to the cloud service in use and have it installed in the web role, you are ready to configure the website to use SSL.

While configuring the website uploaded to the blob storage, you should additionally set up bindings to work with the secure protocol. Normally, it means adding a binding with the hostname in use with:

  • the port number used for SSL (443 by default) and
  • the thumbprint (hash) of your certificate

Example:

<Bindings>
    <Binding hostname="contoso.com" />
    <Binding hostname="contoso.com" port="443"
certificateHash="F182190033077DC6785CFE87FFCA1CD69346DAAA" sni="true"/>
</Bindings>

{blob-storage}/{website-container}/Configuration/WebsiteConfiguration.xml

ABOUT C1 CMS IN SHORT

C1 CMS is a powerful Content Management System that scales out in the cloud. C1 CMS Foundation is one of the world’s best-rated free Open Source CMSes. Built on the Microsoft stack and installed in more than 100 countries. C1 CMS is also seamlessly integrated in our Unified Commerce offering - Orckestra Commerce Cloud.


UPDATES ABOUT C1 CMS

Get a regular digest about the C1 CMS. Learn about releases, solutions, features with a dash of technology.