Azure的Web角色 - 多个SSL证书指向一个端点 [英] Azure web role - Multiple ssl certs pointing to a single endpoint
问题描述
有没有一种方法,我可以有多个SSL证书点在服务定义一个inputendpoint?例如,假设我有两个网址的。
Is there a way I can have multiple ssl certificates point to a single inputendpoint in a service definition? For example, lets say I have two url's.
service.foo.net/Service.svc
service.foo.net/Service.svc
service.doo.net/Service.svc
service.doo.net/Service.svc
我想这两个地址解析到我的Windows Azure的服务,但我不知道如何在服务定义进行配置。
I want both of these addresses to resolve to my windows azure service, but I'm not sure how to configure this in the service definition.
<Certificates>
<Certificate name="service.foo.net" storeLocation="LocalMachine" storeName="My" />
<Certificate name="service.doo.net" storeLocation="LocalMachine" storeName="My" />
</Certificates>
<Endpoints>
<InputEndpoint name="HttpsIn" protocol="https" port="443" certificate="service.foo.net" />
</Endpoints>
根据这个 MSDN 文章,每一个输入端点都必须有一个唯一的端口。有什么办法可以指定多次证书的详细此端点?
According to this MSDN article, each input endpoint must have a unique port. Is there any way to specify more than once certificate for this endpoint?
推荐答案
可惜,这是不可能的。 Azure是重新露出了SSL的限制。在SSL限制是有趣的,原因你无法通过SSL使用V-主机。让我们通过一个例子来走:
Unfortunately this is not possible. Azure is re-exposing an SSL limitation. The SSL limitation is interesting, and the reason you can't use v-hosts over SSL. Lets walk through an example:
- 您连接到 https://ig2600.blogspot.com
- 解析为一些IP地址 - 8.8.8.8说
- 您现在浏览器连接到8.8.8.8
- 8.8.8.8必须preSET在你的浏览器会发送任何数据的证书
- 浏览器验证ceritificate presented是ig2600.blogspot.com
- 您发送HTTP请求,其中包含您的域名。
由于服务器需要present证书的 的你告诉它你想谈的主机名之前,服务器无法知道,如果多是$ P $要使用的证书psent,所以你只能有一个证书。
Since the server needs to present a certificate before you tell it the host name you want to talk to, the server can't know which certificate to use if multiple are present, thus you can only have a single cert.
这篇关于Azure的Web角色 - 多个SSL证书指向一个端点的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!