How to configure SSL in Sitecore Azure

  • Description

    Sitecore CMS supports configuration of the Secure Socket Layer (SSL) encryption to secure the data sent across the internet.

    The current article provides a list of techniques that can be used to manually create a self-signed SSL certificate, upload it to Azure Cloud Service, and configure an HTTPS (SSL) endpoint for a Sitecore solution when using the Sitecore Azure module.

    Note:

    The basic information about configuring SSL for an application in Microsoft Azure can be found at:
    http://azure.microsoft.com/en-us/documentation/articles/cloud-services-configure-ssl-certificate/

  • The recommended approach to configure SSL in Sitecore Azure is as follows:

    1. Run the Internet Information Services (IIS) and double-click on the Server Certificates feature.

      Step 1

    2. In the Actions section, click the Create Self-Signed Certificate.

      Step 2

    3. In the Specify Friendly Name dialog, fill a certificate name and click OK button.

      Step 3

    4. Right-click on the created certificate and select Export... menu.

      Step 4

    5. In the Export Certificate dialog, set a path for the *.pfx file (private key) and fill the password fields.

      Step 5

    6. Log in to the Microsoft Azure Management Portal using the https://manage.windowsazure.com URL.
    7. In the Cloud Service section, select a cloud service entry that represents the Sitecore solution or create a custom Cloud Service.

      Step 7

      Note: how to use a custom Azure Cloud Service in Sitecore Azure, see the https://kb.sitecore.net/articles/726135 article.

    8. Switch to the Certificates tab and click the Upload button.

      Step 8

    9. In the Upload Certificate dialog, select the saved *.pfx file and fill the password.

      Step 9

    10. Copy a thumbprint of the uploaded certificates.

      Step 10

    11. Log in to the Sitecore Client and open the Sitecore Azure application.
    12. Select either the Staging or Production slot and click on a data center to add an Editing or Delivery Farm.

      Step 12

    13. In the New Deployment dialog, click the More Options button. The Content Editor with a pre-selected Azure Deployment item appears.

      Step 13

    14. In the CS Pack section, in the Service Definition field, add the following elements:

      <WebRole name="SitecoreWebRole" enableNativeCodeExecution="false" vmsize="Medium">
      ...
        <Endpoints>
        ...
          <InputEndpoint name="HttpsIn" protocol="https" port="443" certificate="SitecoreCertificate" />
        </Endpoints>
        <Sites>
         <Site name="SitecoreWebSite" physicalDirectory=".\SitecoreWebSite">
           <Bindings>      
            ...
      <Binding name="HttpsIn" endpointName="HttpsIn" />     
          </Bindings>
         </Site>
        </Sites>
        <Certificates>
          <Certificate name="SitecoreCertificate"
                       storeLocation="LocalMachine"
                       storeName="Personal" />
        </Certificates>

      ...
      </WebRole>

    15. In the CS Pack section, in the Service Configuration field, add the following element:

      <Role name="SitecoreWebRole">
      ...
        <Certificates>
         <Certificate name="SitecoreCertificate" 
           thumbprint="FAA0D5A05CEAC1E9DFF9F440A0E6B9861AEB5EDF" 
           thumbprintAlgorithm="sha1" />
      </Certificates>

      ...
      </Role>

      Note: use the copied thumbprint value in the Certificates element.

    16. In the Hosted Service section, in the DNS Host Name field, set the Cloud Service with uploaded certificate (*.pfx file) in the Microsoft Azure Management Portal.

      Step 16

      Important: if you create a custom Cloud Service, you must create a custom Storage Service too.

      Note: how to use a custom Azure Storage Service in Sitecore Azure, see the https://kb.sitecore.net/articles/728236 article.

    17. Save changes and close the Content Editor application.
    18. In the New Deployment dialog, click the Start Deployment button.

      Step 18

Applies to:

Azure 3+

August 11, 2014
September 24, 2014

Keywords: 

  • Azure,
  • CMS,
  • Security Vulnerabilities