Azure Cloud Service with SSL is not working

Question

We want to configure SSL for our application in Windows Azure Cloud. As per the instructions in windows azure (ref: http://msdn.microsoft.com/en-us/library/windowsazure/ff795779.aspx),

1) we have obtained a SSL wildcard certificate from a CA(godaddy) for our domain *.mydomain.com

2) The CSR is generated from the web server, where the domain is hosted(mydomain.com). And this hosted domain is points to that web server.

3) To complete the Certificate, we uploaded the Security Certificate (.crt) to the hosting server and exported to Personal Information Exchange (.pfx) file from that Server. (i am sure the Friendly Name is match with CN).

4) Then we uploaded the .pfx file into windows azure webrole(cloud service).

5) As per the instructions, we added the Certificate Thumbprint in to the Service Configuration file and set the Certificate name ="MySSLCert".

<Certificates>
    <Certificate name="MySSLCert" thumbprint="1234567890" thumbprintAlgorithm="sha1" />
</Certificates>

6) Then, we added the HTTPS endpoint set up in the Service Definition file in Azure Project. like,

<ServiceDefinition name="AzureSSLTest" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
  <WebRole name="SSLTestproject" vmsize="Small">
    <Sites>
      <Site name="Web">
        <Bindings>
          <!--<Binding name="Endpoint1" endpointName="Endpoint1" />-->
          <Binding name="Endpoint2" endpointName="Endpoint2" />
        </Bindings>
      </Site>
    </Sites>
    <Endpoints>
      <!--<InputEndpoint name="Endpoint1" protocol="http" port="80" />-->
      <InputEndpoint name="Endpoint2" protocol="https" port="443" certificate="MySSLCert" />
    </Endpoints>
    <Certificates>
      <Certificate name="MySSLCert" storeLocation="LocalMachine" storeName="My" />
    </Certificates>
    <Imports>
      <Import moduleName="Diagnostics" />
      <Import moduleName="RemoteAccess" />
      <Import moduleName="RemoteForwarder" />
    </Imports>
  </WebRole>
</ServiceDefinition>

After publishing, when we try to access the application using Azure cloud URL, we get the "Identity not verified" warning.(From Chrome Browser)

From Firefox browser, we get the error details,

testssl.cloudapp.net uses an invalid security certificate.

The certificate is only valid for the following names:
*.mydomain.com , .mydomain.com

(Error code: ssl_error_bad_cert_domain)

Then, we have created the subdomain(test.mydomain.com) and froward that subdomain to Cloud URL(testssl.cloudapp.net), now we try to access our application using hosted subdomain URL, we get the error,

This webpage is not available

The webpage at https://testssl.cloudapp.net/ might be temporarily down or it may have moved permanently to a new web address.

Error 501 (net::ERR_INSECURE_RESPONSE): Unknown error.

Pls help me, resolve this issue.

Answer 1

You need to create a DNS CNAME - you cannot use masked forwarding with Azure Cloud Services and SSL. See MSDN for reference - specifically item #6.

Create a CNAME pointing test.iclassicmdm.com → testssl.cloudapp.net