Azure Web 角色 - 指向单个端点的多个 ssl 证书 [英] Azure web role - Multiple ssl certs pointing to a single endpoint
问题描述
有没有办法让多个 ssl 证书指向服务定义中的单个输入端点?例如,假设我有两个 url.
Is there a way I can have multiple ssl certificates point to a single inputendpoint in a service definition? For example, lets say I have two url's.
service.foo.net/Service.svc
service.foo.net/Service.svc
service.doo.net/Service.svc
service.doo.net/Service.svc
我希望这两个地址都解析为我的 windows azure 服务,但我不确定如何在服务定义中进行配置.
I want both of these addresses to resolve to my windows azure service, but I'm not sure how to configure this in the service definition.
<Certificates>
<Certificate name="service.foo.net" storeLocation="LocalMachine" storeName="My" />
<Certificate name="service.doo.net" storeLocation="LocalMachine" storeName="My" />
</Certificates>
<Endpoints>
<InputEndpoint name="HttpsIn" protocol="https" port="443" certificate="service.foo.net" />
</Endpoints>
根据这篇 MSDN 文章,每个输入端点必须有一个唯一的端口.有没有办法为此端点指定多次证书?
According to this MSDN article, each input endpoint must have a unique port. Is there any way to specify more than once certificate for this endpoint?
推荐答案
很遗憾,这是不可能的.Azure 重新公开了 SSL 限制.SSL 限制很有趣,这也是您不能通过 SSL 使用 v-hosts 的原因.让我们来看一个例子:
Unfortunately this is not possible. Azure is re-exposing an SSL limitation. The SSL limitation is interesting, and the reason you can't use v-hosts over SSL. Lets walk through an example:
- 您连接到 https://ig2600.blogspot.com
- 解析为某个 IP 地址 - 比如 8.8.8.8
- 您的浏览器现在连接到 8.8.8.8
- 8.8.8.8 必须在您的浏览器发送任何数据之前预设一个证书
- 浏览器验证提供的证书适用于 ig2600.blogspot.com
- 您发送包含您的域名的 http 请求.
由于服务器需要提供一个证书在你告诉它你想与之交谈的主机名,如果存在多个证书,服务器无法知道使用哪个证书,因此你只能有一个证书.
Since the server needs to present a certificate before you tell it the host name you want to talk to, the server can't know which certificate to use if multiple are present, thus you can only have a single cert.
这篇关于Azure Web 角色 - 指向单个端点的多个 ssl 证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!