2015-05-25

Free SSL For Azure Websites

Goodness is it that time again when I have to install a stupid SSL certificate on Azure again? There are likely words to describe how much I hate paying money for a large number which isn’t even my own number, however the only person who could describe my hatred has been dead for quite some time.

There are some options for getting free SSL certificates. I’m very excited about the EFF’s Let’s Encrypt but it has yet to be released. This time I decided to try the free SSL certificate from Comodo.

It only lasts 90 days before you have to reissue it and reinstall it but that’s a small price to pay for not paying out a bunch of money. I guess my tolerance for paying for a large number is pretty low as compared with my willingness to follow some steps on a website every 3 months.

Step one was to generate a new key and a new certificate signing request. I had my Mac handy so OpenSSL was the tool of choice:

openssl genrsa -out my.domain.com.key 2048

openssl req -new -sha256 -key my.domain.com.key -out my.domain.com.csr

openssl req -noout -text -in my.domain.com.csr

The openssl req -new command prompts you for a variety of information such as your company, address and country. The contents of the resulting .csr file should be pasted into the box on the Comodo site. The generation software should be listed as OTHER and the hash algorithm as SHA-2.

Screenshot of the information form

Eventually you’ll be e-mailed a zip file containing a cluster of keys. Some of them are server intermediate keys but Comodo is pretty well known so you probably don’t need these certificates. The one you want is the one called my.domain.com.crt.

This crt is combined with the key file generated by the first OpenSSL

openssl pkcs12 -export -out my.domain.com.pfx -inkey my.domain.com.key -in my.domain.com.crt

Now that we have a .pfx file, we can upload it to our Azure website under the Custom domains and SSL tab.

http://i.imgur.com/yX2aemt.jpg

Because of the beauty of SNI you can have multiple domains on a single instance using their own SSL certificates.

Now you have a nice free SSL certificate that you just need to remember to renew every 90 days.
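
The steps above as one non-interactive script, with two checks added: that the private key matches the certificate before the .pfx is built, and whether the 90-day certificate has entered a renewal window. This is an added example, not code from the original post; the domain, file names, function names and password are constructed, and a self-signed certificate stands in for the one issued by the CA.

```shell
#!/bin/sh
# Added example, not from the original post. The domain, file names, function
# names and password are constructed; a self-signed 90-day certificate stands
# in for the one the CA e-mails back so that everything runs offline.
set -eu

make_key_and_csr() {   # $1 = directory, $2 = domain
  openssl genrsa -out "$1/$2.key" 2048 2>/dev/null
  # -subj answers the company/country prompts non-interactively
  openssl req -new -sha256 -key "$1/$2.key" -subj "/C=CA/O=Example/CN=$2" \
    -out "$1/$2.csr"
}

stand_in_for_ca() {    # $1 = directory, $2 = domain, $3 = validity in days
  openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" -days "$3" \
    -out "$1/$2.crt" 2>/dev/null
}

# Succeeds only when the certificate carries our private key's public half.
key_matches_cert() {   # $1 = key file, $2 = certificate file
  [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Succeeds when the certificate expires within the next $2 days.
needs_renewal() {      # $1 = certificate file, $2 = days
  ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

build_pfx() {          # $1 = directory, $2 = domain, $3 = export password
  key_matches_cert "$1/$2.key" "$1/$2.crt" || { echo "key/cert mismatch" >&2; return 1; }
  openssl pkcs12 -export -out "$1/$2.pfx" -inkey "$1/$2.key" -in "$1/$2.crt" \
    -passout "pass:$3"
  # Re-open the bundle to confirm the password and integrity check pass
  openssl pkcs12 -in "$1/$2.pfx" -passin "pass:$3" -noout 2>/dev/null
}

demo() {
  dir=$(mktemp -d)
  make_key_and_csr "$dir" demo.example.test
  stand_in_for_ca "$dir" demo.example.test 90
  build_pfx "$dir" demo.example.test 'constructed-demo-password'
  if needs_renewal "$dir/demo.example.test.crt" 30; then
    echo "renew now"
  else
    echo "more than 30 days left"
  fi
  rm -rf "$dir"
}
demo
```

With a real certificate, pass the export password through the prompt or `-passout env:VAR` rather than on the command line, where it is visible in the process list and shell history.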

