Export (0) Print
Expand All

How to Use SSL Offloading

Updated: October 3, 2014

The following steps show you how to use the SSL Offloading feature of the Azure Toolkit for Eclipse.

  1. Start with the code created in the Creating a Hello World Application for Azure in Eclipse example.

  2. Within Eclipse’s Project Explorer, expand MyAzureProject, right-click WorkerRole1, click Azure, and then click SSL Offloading.

  3. In the SSL Offloading dialog, click Enable SSL offloading (HTTPS).

  4. Click Yes to confirm mapping the endpoint named http to port 443 is acceptable.

  5. For HTTPS Certificate, click Certificates.

  6. In the Certificates dialog, click Add. (This tutorial assumes you do not yet have a certificate listed in the Certificates dialog.)

  7. Within the Add Certificate dialog, you have 3 options:

    • You can specify values for Name and Thumbprint. Using this option, you provide a name for the certificate (this is to help you remember the certificate), and the thumbprint for the certificate manually.

    • You can click Import. Using this option, you then browse to a local certificate, either in CER or PFX.

    • You can click New. Using this option, you will be prompted to provide a password and common name (CN) for a new certificate, as well as the path and name for the CER and PFX files where the new certificate will be stored.

    For either option, when you publish your deployment through the Eclipse toolkit, if the certificate with the specified thumbprint has not yet been uploaded to the Azure Management Portal, the toolkit will prompt you for the path and password to the PFX certificate that has the specified thumbprint.

    For purposes of this example, click New.

  8. In the New Certificate dialog:

    1. Specify and confirm a password for the certificate.

    2. Specify a common name (CN) for the certificate.

    3. Specify the path and name for the new certificate, in the CER format.

    4. Specify the path and name for the new certificate, in the PFX format. The path and name will use a default path and name that you specified for the CER file (except the PFX will use extension .pfx).

    Your New Certificate dialog will look similar to the following.

    New SSL certificate
  9. Click OK to close the New Certificate dialog.

  10. Once you’ve added your certificate, the certificate name and thumbprint will be automatically entered in the Add Certificate dialog. Click OK to close the Add Certificate dialog. Your Certificates dialog will look similar to the following.

    SSL offloading certificate
  11. Click OK to close the Certificates dialog.

  12. You SSL Offloading dialog should look similar to the following.

    SSL offloading dialog
  13. Click OK to close the SSL Offloading dialog.

  14. Note that SSL offloading does not work in the compute emulator. To see SSL offloading in action, deploy your project to the Azure cloud, as described at Creating a Hello World Application for Azure in Eclipse. During the publish process, you will be prompted to upload a certificate (assuming the certificate has not yet been uploaded). Specify the PFX password and path and file name of the PFX certificate, and your deployment will begin publishing.

  15. After your deployment is published, navigate to the HTTPS version of the URL of your deployment. Include the trailing / in the URL, such as https://<yourservicename>.cloudapp.net/MyHelloWorld/, or specify the full file name to index.jsp, such as https://<yourservicename>.cloudapp.net/MyHelloWorld/index.jsp.

    Note that since there is no separate role for handling HTTP, if the user mistakenly includes http:// instead of https:// in the URL above, the request will automatically redirect to the HTTPS endpoint

Since this example used a self-signed certificate, you will be warned by the web browser about the trustworthiness of the certificate when you navigate to your web site. Since you created the self-signed certificate and deployed it to your cloud service, it is acceptable for test purposes. Note, however, that you would want to procure an SSL certificate recognized by a certificate authority that you trust, in order to run your deployment outside of an environment based on a self-signed test certificate. Once you have acquired your trusted SSL certificate, import it into your project using the Certificates dialog, delete the self-signed test certificate using the same Certificates dialog, and then deploy your project again.

See Also


SSL Offloading

© 2014 Microsoft