This project has moved and is read-only. For the latest updates, please go here.

DNN Azure with HTTPS

Jun 13, 2012 at 9:11 PM
Edited Jun 13, 2012 at 9:12 PM

Using the DNN Azure accelerator was a great experience and everything installed fine.

How do I add SSL to this installation. I have already uploaded my SSL certificates to the DNN cloud service in the Azure portal.

Thx,

Ash

Jun 13, 2012 at 9:27 PM
Edited Jun 13, 2012 at 9:28 PM

Hi Ash,

To deploy using SSL is not different from using SSL with other webapp on Azure. The guidelines are described on the MSDN website (http://msdn.microsoft.com/en-us/library/windowsazure/ff795779.aspx).

The accelerator uploads the service configuration file to the $/packages-container on storage, so you can edit it there and redeploy the site. The VHD contents and database will not be modified between redeployments.

Regards,

David.

Jun 13, 2012 at 9:31 PM

Hum...just noted that for Step 4 is mandatory to rebuild the package associating it on the EndPoint. At this moment, you will need to rebuild the package by downloading the code and modify that setting. I will try to see if this can be automated for the next release. Creating WI.

Jun 13, 2012 at 9:33 PM
This discussion has been copied to a work item. Click here to go to the work item and continue the discussion.
Jun 13, 2012 at 10:55 PM

Thanks David. Looking forward to the new release.

Jun 17, 2012 at 1:07 AM
Edited Jun 17, 2012 at 1:07 AM

Good news, I've done some tests and I have a workaround to not have to rebuilt the package using development tools. Will be on the next release.

Jun 19, 2012 at 2:26 PM

What is the workaround for this.  We have a production application that we are hosting in Azure using DNN and it needs to be under HTTPS.  We have already installed the certificate, but we can not get the site to come up with HTTPS.  But we can have another instance with another normal ASP.NET site, using the same certificate to work with HTTPS.  So we believe that everything is configured correctly, but we can not create the configuration with DNN and the Azure Accelerator.  We can not create/modify the service definition to enable HTTPS for DNN?

Do we need to wait to the next release?

Can you provide the workaround?

Thanks

Jun 19, 2012 at 4:14 PM
Edited Jun 19, 2012 at 4:14 PM

Hi @tsmccartan,

The workaround to not have to rebuilt the package for each DNN installation, is to have "fixed" definitions on the "Certificates" section. If we don't use SSL for a DNN install, the RDP thumbprint will be used to avoid Windows Azure deployment error. 

In this link you can download a package file that uses SSL. Actually there is no UI yet on the Wizard to configure these parameters, so here is a description of how to use it:

1) Manually replace in the file "DNNAzureSingleAndSmall_RDP_SSL.cscfg" the tokens "@@XXX@@" for those ones that are in your actual deployment. 

2) Manually upload your SSL certificate to Windows Azure through the management portal, associating it to the hosted service. The format of this certificate must be a PFX file, and IMPORTANT: make sure that the PFX file includes the private key, and includes all the intermediate certificates from the CA that issued it. If your PFX file does not include the intermediate CA certificates, manually upload them (normally it's more difficult to have these certificates in PFX format that include them in the SSL certificate).

3) Attention to the new SSL settings in the .cscfg file:

<Setting name="SSL.CertificateThumbprint" value="" /> <!-- Type the thumbprint of the SSL certificate -->    

<Setting name="SSL.HostHeader" value="" /> <!-- Host header to bind. Leave it in blank at this moment -->

<Setting name="SSL.Port" value="443" /> <!-- Port to bind -->

4) Also check these new certificate settings in the "Certificates" section. Replace the thumbprints using: 

SSL = SSL certificate thumbprint

SSL.CA1 = Thumbprint of an intermediate CA

SSL.CA2 = Thumbprint of an intermediate CA

Note that if your certificate only have one intermmediate certificate for CA, you can use the thumbprint used for RDP. 

<Certificate name="SSL" thumbprint="@@RDPTHUMBPRINT@@" thumbprintAlgorithm="sha1" />     

<Certificate name="SSL.CA1" thumbprint="@@RDPTHUMBPRINT@@" thumbprintAlgorithm="sha1" />     

<Certificate name="SSL.CA2" thumbprint="@@RDPTHUMBPRINT@@" thumbprintAlgorithm="sha1" />

 

Essentially, the last section means the certificates that WA will install in your instance when deployed, obtaining them from the certificate store associated to the hosted service. Actually HTTPS was not working in your installation, because of these certificates were not being installed on deployment -and the previous accelerator package was not binding anything to the SSL port.

Final note: if your certificate have more than 2 CAs, this package won't work because the trust chain won't be completely configured. I will build a package with at least 5 CAs, that I think that is sufficient in most of the cases.

Hope this helps,

David

Jun 25, 2012 at 1:01 AM

Thanks David. Is the new release going to be out soon.

Looking for a single and extra small package to deploy.

Thx,
Ash

Aug 21, 2012 at 7:31 PM

We have been able to deploy it, but it is only working with the Small Azure Role?

We see that you can use Medium, but that is failing.

We would like to have a package that can deploy it to a LARGE Azure Role.

How do we do that?

Thanks

Aug 30, 2012 at 7:56 PM

Hi @tsmccartan, 

Unfortunately the Large package version was not included in the packages folder to make the download size smaller. You can get the latest version of the source code and build it by yourself by changing the Instance size. If this suppose a problem, just let me know and I will build it for you. 

David

Aug 31, 2012 at 6:45 PM

David,

We tried the following, but it did not work? Do you have any suggestions? Can you do a build of it to see if it works on your end?

1. Downloaded DNN accelerator source code and tried to set large VM, not able to generate package.

a. Reference URL

i. http://dnnazureaccelerator.codeplex.com/SourceControl/list/changesets

ii. https://download-codeplex.sec.s-msft.com/Download/SourceControlFileDownload.ashx?ProjectName=dnnazureaccelerator&changeSetId=16230

2. Tried to create worker role package with Large VM using DNN source code, I was not able to add this website in worker role or in web role project.

It will be helpful if we get the latest source code or package with large VM.

Thanks,

Tom

From: davidjrh [email removed]
Sent: Thursday, August 30, 2012 2:57 PM
To: Tom McCartan
Subject: Re: DNN Azure with HTTPS [dnnazureaccelerator:359504]

From: davidjrh

Hi @tsmccartan,

Unfortunately the Large package version was not included in the packages folder to make the download size smaller. You can get the latest version of the source code and build it by yourself by changing the Instance size. If this suppose a problem, just let me know and I will build it for you.

David


Please consider the environment before printing this message.


This message contains information which may be company sensitive, proprietary, privileged or otherwise protected from disclosure and is intended only for the individual named. If you are not the named addressee, you should not review, disclose, disseminate, distribute, copy or use the contents of this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain malware. The presence of this disclaimer is not a proof that it was originated at Digital Infuzion, Inc. Digital Infuzion therefore does not accept liability for any errors or omissions in the content of this message, which arise as a result of e-mail transmission.
Sep 5, 2012 at 2:18 PM

David,

 

We tried the following, but it did not work?  Do you have any suggestions?  Can you do a build of it to see if it works on your end?

 

    1. Reference URL

                                                               i.      http://dnnazureaccelerator.codeplex.com/SourceControl/list/changesets

                                                             ii.      https://download-codeplex.sec.s-msft.com/Download/SourceControlFileDownload.ashx?ProjectName=dnnazureaccelerator&changeSetId=16230

 

It will be helpful if we get the latest source code or package with large VM.

Or Maybe you can quickly build it to support the Large VM so that we can use it?

Thanks,

Tom